Review Request 128233: Don't trust files claiming to be created on unix more than other files
Sune Vuorela
kde at pusling.com
Sun Jul 3 12:59:42 UTC 2016
> On July 2, 2016, 10:50 a.m., David Faure wrote:
> > autotests/karchivetest.cpp, line 1097
> > <https://git.reviewboard.kde.org/r/128233/diff/1/?file=469181#file469181line1097>
> >
> > That's not really a unit test, if the person running the test has to read the output ;)
heh. I the qdebug was a leftover, and the important part of the unit test was that we didn't end up hitting asserts. I'll do some output verification.
> On July 2, 2016, 10:50 a.m., David Faure wrote:
> > src/kzip.cpp, line 699
> > <https://git.reviewboard.kde.org/r/128233/diff/1/?file=469182#file469182line699>
> >
> > This loses permission information (e.g. 0755 vs 0750 vs 0700). How about just access |= S_IFDIR, i.e. ensuring it's a dir and still using the permission information if present? Maybe adding 0700 too, so the user can do something with it ;)
> >
> > I'm thinking about use cases like zipping a directory for backup or transfer to another computer...
> >
> > The `zip` program does preserve permissions.
> > Testcase:
> >
> > mkdir ziptest
> > cd ziptest
> > mkdir 700 750 755
> > chmod 700 700
> > chmod 750 750
> > chmod 755 755
> > ls -l
> > zip -r my.zip 7*
> > unzip -l *zip
> > mkdir out
> > cd out
> > unzip ../*zip
Ok.
I might also be adding that as a unit test.
- Sune
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/128233/#review97019
-----------------------------------------------------------
On June 17, 2016, 11:10 p.m., Sune Vuorela wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/128233/
> -----------------------------------------------------------
>
> (Updated June 17, 2016, 11:10 p.m.)
>
>
> Review request for KDE Frameworks and David Faure.
>
>
> Repository: karchive
>
>
> Description
> -------
>
> Don't trust files claiming to be created on unix more than other files
>
> For some historical reasons, we special case zip files claiming to be
> created on unix and trust the content regarding file rights a bit better.
>
> Zip files in the wild have shown to violate this, so don't trust them.
>
> Thanks to Jonathan Marten for the test case
>
> BUG: 364071
>
>
> Diffs
> -----
>
> autotests/data/unusual_but_valid_364071.zip PRE-CREATION
> autotests/karchivetest.h 4b7ecff
> autotests/karchivetest.cpp c8abddf
> src/kzip.cpp e7e8477
>
> Diff: https://git.reviewboard.kde.org/r/128233/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Sune Vuorela
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20160703/9f9b765f/attachment.html>
More information about the Kde-frameworks-devel
mailing list