Skip Menu |

This queue is for tickets about the Archive-Zip CPAN distribution.

Report information
The Basics
Id: 14128
Status: open
Priority: 0/
Queue: Archive-Zip

Owner: Nobody in particular
Requestors: ak2 [...]

Bug Information
Severity: Normal
Broken in: (no value)
Fixed in: (no value)

Subject: Non-root can't do extractTree for archs containing dirs w/o own-writable perm.
Download (untitled) / with headers
text/plain 1.5k
Hello, The problem is that if an arch contains dirs with permissions not allowing an owner to write, then this arch tree can't be extracted by non-root. As an example of such an arch the attached can be used. It contains dir test_dir and file test_dir/test_file: #ls -lR . .: total 4 dr-xr-xr-x 2 nobody nobody 4096 Aug 11 13:19 test_dir ./test_dir: total 4 -r--r--r-- 1 nobody nobody 9 Aug 11 13:30 test_file Try to extractTree the arch into /tmp/ as nobody(assuming you're root): su nobody -c 'perl -MArchive::Zip -e'\'' $z=Archive::Zip->new(); $z->read($ARGV[0]); $z->extractTree("", "/tmp/")'\''' -s /bin/sh It fails: IO error: Can't open file /tmp/test_dir/test_file for write : Permission denied at /usr/lib/perl5/site_perl/5.8.6/Archive/ line 1791 Archive::Zip::Member::extractToFileNamed('Archive::Zip::ZipFileMember=HASH(0x8c14e0c)', '/tmp/test_dir/test_file') called at /usr/lib/perl5/site_perl/5.8.6/Archive/ line 1179 Archive::Zip::Archive::extractTree('Archive::Zip::Archive=HASH(0x8bf9d4c)', '', '/tmp/') called at -e line 1 Yet it could be done with unzip: su nobody -c 'unzip -d /tmp' -s /bin/sh Archive: creating: /tmp/test_dir/ extracting: /tmp/test_dir/test_file I suggest to make all arch items own-writable while extracting an arch tree (in extractToFileNamed called from extractTree) and then set properly all permissions after extraction (in extractTree) Suggested patch will be attached to the next post. After this patch has been applied, the attached is extracted perfectly. Best regards Alexey Kravchuk
application/x-zip-compressed 305b

Message body not shown because it is not plain text.

Download (untitled) / with headers
text/plain 108b
Trying to clean up some RT tickets here. Is this still an issue? Does the latest revision fix the problem?

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to