lmstudio-ai / venvstacks

Virtual environment stacks for Python
https://lmstudio-ai.github.io/venvstacks/
MIT License

Ensure `tar_info` extraction filter compatibility in runtime archives #23

Closed ncoghlan closed 1 week ago

ncoghlan commented 1 week ago

The python-build-standalone CPython runtime tarballs are currently being unpacked in "fully trusted" mode (the tarfile module's default in Python 3.13 and earlier).

To avoid a Python 3.14 compatibility issue (where the default is changing to data_filter mode), I attempted to enable the tar_filter mode which prevents the potential security issues with fully trusted tarballs, but still allows full use of various tarfile features that are needed when shipping a CPython runtime archive.

This change revealed that the python-build-standalone archives are enabling group write permissions on many of the files in the runtime bundles (https://github.com/indygreg/python-build-standalone/issues/349), so enabling tar_filter means changing the expected hashes of the CPython runtimes (since it clears those group write permission flags).

To avoid introducing a discrepancy between Python 3.12+ and Python 3.11 (which doesn't support tar extraction filters), the change to clear the group and world write permissions on files in published archives also needs to be enforced by venvstacks itself (so even if the runtime files get unpacked into the build folder with 0o664 permissions, they'll still be set to 0o644 in the layer archive).
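The approach described in the issue, as an added example that is not venvstacks' own code: unpack with the `tar` filter where the running Python provides it, and clear the group and world write bits again when the layer archive is written, so the published modes do not depend on how the files were unpacked. The function names, the `layer` archive prefix and the two-file sample tarball are constructed for illustration.

```python
import io, os, tarfile, tempfile

SHARED_WRITE = 0o022  # group-write and world-write permission bits

def clear_shared_write(info):
    """TarFile.add() filter: drop group/world write bits from each member."""
    info.mode &= ~SHARED_WRITE
    return info

def sample_runtime_tarball():
    """Constructed stand-in for a runtime tarball with group-writable entries."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode in (("python/bin/python3", 0o775), ("python/lib/os.py", 0o664)):
            info = tarfile.TarInfo(name)
            info.mode, info.size = mode, 5
            tar.addfile(info, io.BytesIO(b"stub\n"))
    return buf.getvalue()

def unpack_runtime(archive, dest):
    """Unpack with the 'tar' filter if this Python has it; report whether it did."""
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        if hasattr(tarfile, "tar_filter"):
            tar.extractall(dest, filter="tar")
            return True
        tar.extractall(dest)  # no filter support: modes land exactly as stored
        return False

def pack_layer(src_dir):
    """Archive the build folder, normalising modes whatever is on disk."""
    out = io.BytesIO()
    with tarfile.open(fileobj=out, mode="w") as tar:
        tar.add(src_dir, arcname="layer", filter=clear_shared_write)
    return out.getvalue()

def member_modes(archive):
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        return {m.name: m.mode & 0o777 for m in tar}

def demo():
    with tempfile.TemporaryDirectory() as build:
        filtered = unpack_runtime(sample_runtime_tarball(), build)
        lib = os.path.join(build, "python", "lib", "os.py")
        unpacked = os.stat(lib).st_mode & 0o777
        os.chmod(lib, 0o664)  # force the unfiltered outcome before archiving
        return filtered, unpacked, member_modes(pack_layer(build))

if __name__ == "__main__":
    filtered, unpacked, modes = demo()
    print(filtered, oct(unpacked), {n: oct(m) for n, m in modes.items()})
```

Because the mode normalisation happens at archive time, the layer archive's member modes are the same whether or not the extraction filter was applied on the way in.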