Date: Thu, 04 Jun 2026 01:16:52 +0000
From: Ed Maste <emaste@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject: git: f0ac411a7747 - stable/15 - bsdinstall: Use libarchive secure flags for extract
Message-ID: <6a20d204.24ccc.3ac50ed9@gitrepo.freebsd.org>
The branch stable/15 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=f0ac411a774775c5b89b82b9da4c7d51c762259c

commit f0ac411a774775c5b89b82b9da4c7d51c762259c
Author: Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2026-05-27 13:29:21 +0000
Commit: Ed Maste <emaste@FreeBSD.org>
CommitDate: 2026-06-04 01:16:02 +0000

bsdinstall: Use libarchive secure flags for extract

This doesn't really matter, as we trust that the installer tarballs are not malicious, but it doesn't hurt to set these flags.

Reported by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57274

(cherry picked from commit f9f46294d6af2a937afa74938bd4bb6826cbb921)
---
 usr.sbin/bsdinstall/distextract/distextract.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/usr.sbin/bsdinstall/distextract/distextract.c b/usr.sbin/bsdinstall/distextract/distextract.c index 32bd9453eb80..35cf19aae33f 100644 --- a/usr.sbin/bsdinstall/distextract/distextract.c +++ b/usr.sbin/bsdinstall/distextract/distextract.c @@ -291,6 +291,8 @@ extract_files(struct bsddialog_fileminibar *file) /* If that went well, perform the extraction */ if (retval == ARCHIVE_OK) retval = archive_read_extract(archive, entry, + ARCHIVE_EXTRACT_SECURE_NODOTDOT | + ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS | ARCHIVE_EXTRACT_TIME | ARCHIVE_EXTRACT_OWNER | ARCHIVE_EXTRACT_PERM | ARCHIVE_EXTRACT_ACL | ARCHIVE_EXTRACT_XATTR | ARCHIVE_EXTRACT_FFLAGS);
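
Review bot: In the flags argument to archive_read_extract() in extract_files(), the added set is ARCHIVE_EXTRACT_SECURE_NODOTDOT and ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS only; ARCHIVE_EXTRACT_SECURE_SYMLINKS is not included, so an entry whose path passes through a symlink is still written through that link. Since the subject line says "secure flags" in general, either add ARCHIVE_EXTRACT_SECURE_SYMLINKS next to the other two or state in the commit message why it is left out (for instance, if the distribution sets are expected to extract through symlinks already present in the target tree). With the stricter flags a refused entry now comes back through retval, so it is also worth confirming that the error path after this call names the entry that was rejected.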
