Review Request 128233: Don't trust files claiming to be created on unix more than other files

David Faure faure at kde.org
Sat Jul 2 10:50:25 UTC 2016 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/128233/#review97019
-----------------------------------------------------------




autotests/karchivetest.cpp (line 1097)
<https://git.reviewboard.kde.org/r/128233/#comment65549>

    That's not really a unit test, if the person running the test has to read the output ;)



src/kzip.cpp (line 699)
<https://git.reviewboard.kde.org/r/128233/#comment65550>

    This loses permission information (e.g. 0755 vs 0750 vs 0700). How about just access |= S_IFDIR, i.e. ensuring it's a dir and still using the permission information if present? Maybe adding 0700 too, so the user can do something with it ;)
    
    I'm thinking about use cases like zipping a directory for backup or transfer to another computer...
    
    The `zip` program does preserve permissions.
    Testcase:
    
    mkdir ziptest
    cd ziptest
    mkdir 700 750 755
    chmod 700 700
    chmod 750 750
    chmod 755 755
    ls -l
    zip -r my.zip 7*
    unzip -l *zip
    mkdir out
    cd out
    unzip ../*zip


- David Faure


On June 17, 2016, 11:10 p.m., Sune Vuorela wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/128233/
> -----------------------------------------------------------
> 
> (Updated June 17, 2016, 11:10 p.m.)
> 
> 
> Review request for KDE Frameworks and David Faure.
> 
> 
> Repository: karchive
> 
> 
> Description
> -------
> 
> Don't trust files claiming to be created on unix more than other files
>     
>     For some historical reasons, we special case zip files claiming to be
>     created on unix and trust the content regarding file rights a bit better.
>     
>     Zip files in the wild have shown to violate this, so don't trust them.
>     
>     Thanks to Jonathan Marten for the test case
>     
>     BUG: 364071
> 
> 
> Diffs
> -----
> 
>   autotests/data/unusual_but_valid_364071.zip PRE-CREATION 
>   autotests/karchivetest.h 4b7ecff 
>   autotests/karchivetest.cpp c8abddf 
>   src/kzip.cpp e7e8477 
> 
> Diff: https://git.reviewboard.kde.org/r/128233/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Sune Vuorela
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20160702/1240d060/attachment.html>

More information about the Kde-frameworks-devel mailing list