Date: Thu, 28 May 2026 13:04:02 +0000 From: Ed Maste <emaste@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: f9f46294d6af - main - bsdinstall: Use libarchive secure flags for extract Message-ID: <6a183d42.45b69.1e442ab1@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=f9f46294d6af2a937afa74938bd4bb6826cbb921 commit f9f46294d6af2a937afa74938bd4bb6826cbb921 Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2026-05-27 13:29:21 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2026-05-28 13:03:45 +0000 bsdinstall: Use libarchive secure flags for extract This doesn't really matter, as we trust that the installer tarballs are not malicious, but it doesn't hurt to set these flags. Reported by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai Reviewed by: markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D57274 --- usr.sbin/bsdinstall/distextract/distextract.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/usr.sbin/bsdinstall/distextract/distextract.c b/usr.sbin/bsdinstall/distextract/distextract.c index 32bd9453eb80..35cf19aae33f 100644 --- a/usr.sbin/bsdinstall/distextract/distextract.c +++ b/usr.sbin/bsdinstall/distextract/distextract.c @@ -291,6 +291,8 @@ extract_files(struct bsddialog_fileminibar *file) /* If that went well, perform the extraction */ if (retval == ARCHIVE_OK) retval = archive_read_extract(archive, entry, + ARCHIVE_EXTRACT_SECURE_NODOTDOT | + ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS | ARCHIVE_EXTRACT_TIME | ARCHIVE_EXTRACT_OWNER | ARCHIVE_EXTRACT_PERM | ARCHIVE_EXTRACT_ACL | ARCHIVE_EXTRACT_XATTR | ARCHIVE_EXTRACT_FFLAGS);home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a183d42.45b69.1e442ab1>