|Subject:||Non-root can't do extractTree for archs containing dirs w/o own-writable perm.|
Hello, The problem is that if an arch contains dirs with permissions not allowing an owner to write, then this arch tree can't be extracted by non-root. As an example of such an arch the attached test.zip can be used. It contains dir test_dir and file test_dir/test_file: #ls -lR . .: total 4 dr-xr-xr-x 2 nobody nobody 4096 Aug 11 13:19 test_dir ./test_dir: total 4 -r--r--r-- 1 nobody nobody 9 Aug 11 13:30 test_file Try to extractTree the arch into /tmp/ as nobody(assuming you're root): su nobody -c 'perl -MArchive::Zip -e'\'' $z=Archive::Zip->new(); $z->read($ARGV); $z->extractTree("", "/tmp/")'\'' test.zip' -s /bin/sh It fails: IO error: Can't open file /tmp/test_dir/test_file for write : Permission denied at /usr/lib/perl5/site_perl/5.8.6/Archive/Zip.pm line 1791 Archive::Zip::Member::extractToFileNamed('Archive::Zip::ZipFileMember=HASH(0x8c14e0c)', '/tmp/test_dir/test_file') called at /usr/lib/perl5/site_perl/5.8.6/Archive/Zip.pm line 1179 Archive::Zip::Archive::extractTree('Archive::Zip::Archive=HASH(0x8bf9d4c)', '', '/tmp/') called at -e line 1 Yet it could be done with unzip: su nobody -c 'unzip -d /tmp test.zip' -s /bin/sh Archive: test.zip creating: /tmp/test_dir/ extracting: /tmp/test_dir/test_file I suggest to make all arch items own-writable while extracting an arch tree (in extractToFileNamed called from extractTree) and then set properly all permissions after extraction (in extractTree) Suggested patch will be attached to the next post. After this patch has been applied, the test.zip attached is extracted perfectly. Best regards Alexey Kravchuk
Message body not shown because it is not plain text.