samba.git/python/samba/safe_tarfile.py, branch talloc-2.4.4 Unnamed repository; edit this file 'description' to name the repository. python:tarfile: notes about extraction_filter 2025-08-26T23:43:08+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2025-08-22T04:23:16+00:00 0aee889f5548e2cae596ab84e0d39780f9844735 a reminder to delete. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Tue Aug 26 23:43:08 UTC 2025 on atb-devel-224 
a reminder to delete.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Tue Aug 26 23:43:08 UTC 2025 on atb-devel-224
python: Remove unused imports 2023-08-30T02:15:29+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2023-08-24T23:09:52+00:00 fce882ab67186fddd957404fe62f84d41380895c Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python/samba: Adjust tarfile extraction filter 2023-07-21T01:25:37+00:00 Noel Power noel.power@suse.com 2023-07-14T13:53:29+00:00 e401ae44b2f952fc2686065fbfb3a563e3d4066a The 'data_filter' is far too restrictive, this filter doesn't apply any mode bits to directories which in turn will result in unexpected directory permissions of the amongst others msg.[ls]ock directories. With 'data_filter' and a 'patched' python at best we experience CI failures with samba-ad-back1 & samba-ad-back2 CI jobs due to server startup failures, at worst user/admins will need to adjust directory permissions post backup. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15390 Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
The 'data_filter' is far too restrictive, this filter doesn't apply any
mode bits to directories which in turn will result in unexpected
directory permissions of the amongst others msg.[ls]ock directories.

With 'data_filter' and a 'patched' python at best we experience
CI failures with samba-ad-back1 & samba-ad-back2 CI jobs due to server
startup failures, at worst user/admins will need to adjust directory
permissions post backup.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15390

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python:safe_tarfile: Improve safe extract() 2023-06-14T22:57:34+00:00 Andreas Schneider asn@samba.org 2023-06-06T13:38:12+00:00 1f74f9f366d7f107a89220a4a5951bc4daf18025 This also checks for symlinks and hardlinks. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15390 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 
This also checks for symlinks and hardlinks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15390

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
python:safe_tarfile: Implement safer extractall() 2023-06-14T22:57:34+00:00 Andreas Schneider asn@samba.org 2023-06-06T13:30:20+00:00 431f7698e48387413aac586c7a939a1682464681 This also checks for symlinks and hardlinks. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15390 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 
This also checks for symlinks and hardlinks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15390

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
python:safe_tarfile: Set extraction_filter for pythons providing it 2023-06-14T22:57:34+00:00 Andreas Schneider asn@samba.org 2023-06-06T13:29:06+00:00 8c90c66a9a409d807dad56822540509c9813425b It should be available for Python >= 3.11.4 but also has been backported. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15390 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 
It should be available for Python >= 3.11.4 but also has been
backported.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15390

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
CVE-2007-4559 python: ensure sanity in our tarfiles 2022-10-04T03:48:43+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2022-09-23T00:32:25+00:00 37406b9d97f123576c811b9fe22b39b02af62f83 Python's tarfile module is not very careful about paths that step out of the target directory. We can be a bit better at little cost. This was reported in 2007[1], and has recently been publicised [2, for example]. We were informed of this bug in December 2021 by Luis Alberto López Alvar, but decided then that there were no circumstances under which this was a security concern. That is, if you can alter the backup files, you can already do worse things. But there is a case to guard against an administrator being tricked into trying to restore a file that isn't based on a real backup. [1] https://nvd.nist.gov/vuln/detail/CVE-2007-4559 [2] https://www.theregister.com/2022/09/22/python_vulnerability_tarfile/ BUG: https://bugzilla.samba.org/show_bug.cgi?id=15185 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Oct 4 03:48:43 UTC 2022 on sn-devel-184 
Python's tarfile module is not very careful about paths that step out
of the target directory. We can be a bit better at little cost.

This was reported in 2007[1], and has recently been publicised [2, for
example].

We were informed of this bug in December 2021 by Luis Alberto López
Alvar, but decided then that there were no circumstances under which
this was a security concern. That is, if you can alter the backup
files, you can already do worse things. But there is a case to guard
against an administrator being tricked into trying to restore a file
that isn't based on a real backup.

[1] https://nvd.nist.gov/vuln/detail/CVE-2007-4559
[2] https://www.theregister.com/2022/09/22/python_vulnerability_tarfile/

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15185

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Oct  4 03:48:43 UTC 2022 on sn-devel-184