fossasia / meilix-generator

WebApp for generating a custom ISO image based on Meilix http://meilix.org
GNU Lesser General Public License v3.0
1.53k stars 112 forks

Check for absolute paths #312

Open tabesin opened 6 years ago

tabesin commented 6 years ago

I'm submitting a ... (check one with "x")

Actual Behaviour: The zip files' contents are to be put on the desktop of Meilix. However, we do not check whether they contain files with absolute paths, which should not be the case.

Expected Behaviour: Some reasonable, or even heuristic, checking of whether the zips, when unpacked in the Desktop folder, would stay in the user's home dir; in other words, that they only contain relative paths. As we may unpack the zips with root privilege, that may also become a security risk.

Example: A file /home/egon/desktop/presentations/mypresentation.ppt should not be packed, but a contained /presentations/mypresentation.ppt would be useful, because when the home directory is e.g. /home/peter the files won't end up there.

Mind that we may support multiple zip formats here like .tar.gz and .zip.
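One way to implement the check requested above, as an added example that is not part of the original issue or the project's code. It handles both .zip and .tar.gz uploads, treats a member as relative only when its name has no leading slash or drive prefix (an assumption of this sketch), and also rejects tar links and device nodes; the function names `is_unsafe`, `unsafe_members` and `sample_archive` are hypothetical.

```python
import io
import posixpath
import tarfile
import zipfile


def is_unsafe(name):
    """True if a member name is absolute or climbs out of the extraction dir."""
    name = name.replace("\\", "/")  # treat Windows separators the same way
    if name.startswith("/") or name[1:2] == ":":
        return True  # /home/egon/... or C:/... (heuristic for drive prefixes)
    norm = posixpath.normpath(name)  # collapses "a/../../b" to "../b"
    return norm == ".." or norm.startswith("../")


def unsafe_members(fileobj):
    """Names in a .zip or .tar(.gz) upload that should cause it to be rejected."""
    if zipfile.is_zipfile(fileobj):
        fileobj.seek(0)
        with zipfile.ZipFile(fileobj) as zf:
            return [n for n in zf.namelist() if is_unsafe(n)]
    fileobj.seek(0)
    with tarfile.open(fileobj=fileobj, mode="r:*") as tf:
        # tar can also carry symlinks, hard links and device nodes, which can
        # redirect a later write, so only plain files and directories pass
        return [m.name for m in tf.getmembers()
                if is_unsafe(m.name) or not (m.isfile() or m.isdir())]


def sample_archive(kind, names, link=None):
    """Build a constructed in-memory archive ("zip" or "tar.gz") for testing."""
    buf, data = io.BytesIO(), b"constructed sample"
    if kind == "zip":
        with zipfile.ZipFile(buf, "w") as zf:
            for n in names:
                zf.writestr(n, data)
    else:
        with tarfile.open(fileobj=buf, mode="w:gz") as tf:
            for n in names:
                info = tarfile.TarInfo(n)
                info.size = len(data)
                tf.addfile(info, io.BytesIO(data))
            if link:  # (name, target) symlink entry
                info = tarfile.TarInfo(link[0])
                info.type, info.linkname = tarfile.SYMTYPE, link[1]
                tf.addfile(info)
    buf.seek(0)
    return buf
```

An upload would be accepted only when `unsafe_members(upload)` returns an empty list, and the check runs before anything is written to disk.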

sarnava1 commented 6 years ago

Any GCI participants doing this?

sarnava1 commented 6 years ago

@Stealthinator16 you can have a try here.