Review Request 128233: Don't trust files claiming to be created on unix more than other files
David Faure
faure at kde.org
Sat Jul 2 10:50:25 UTC 2016
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/128233/#review97019
-----------------------------------------------------------
autotests/karchivetest.cpp (line 1097)
<https://git.reviewboard.kde.org/r/128233/#comment65549>
That's not really a unit test, if the person running the test has to read the output ;)
src/kzip.cpp (line 699)
<https://git.reviewboard.kde.org/r/128233/#comment65550>
This loses permission information (e.g. 0755 vs 0750 vs 0700). How about just access |= S_IFDIR, i.e. ensuring it's a dir and still using the permission information if present? Maybe adding 0700 too, so the user can do something with it ;)
I'm thinking about use cases like zipping a directory for backup or transfer to another computer...
The `zip` program does preserve permissions.
Testcase:
mkdir ziptest
cd ziptest
mkdir 700 750 755
chmod 700 700
chmod 750 750
chmod 755 755
ls -l
zip -r my.zip 7*
unzip -l *zip
mkdir out
cd out
unzip ../*zip
- David Faure
On June 17, 2016, 11:10 p.m., Sune Vuorela wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/128233/
> -----------------------------------------------------------
>
> (Updated June 17, 2016, 11:10 p.m.)
>
>
> Review request for KDE Frameworks and David Faure.
>
>
> Repository: karchive
>
>
> Description
> -------
>
> Don't trust files claiming to be created on unix more than other files
>
> For some historical reasons, we special case zip files claiming to be
> created on unix and trust the content regarding file rights a bit better.
>
> Zip files in the wild have shown to violate this, so don't trust them.
>
> Thanks to Jonathan Marten for the test case
>
> BUG: 364071
>
>
> Diffs
> -----
>
> autotests/data/unusual_but_valid_364071.zip PRE-CREATION
> autotests/karchivetest.h 4b7ecff
> autotests/karchivetest.cpp c8abddf
> src/kzip.cpp e7e8477
>
> Diff: https://git.reviewboard.kde.org/r/128233/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Sune Vuorela
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20160702/1240d060/attachment.html>
More information about the Kde-frameworks-devel
mailing list