Issue Type: Bug
Resolution: Done-Errata
Priority: Undefined
Affects Version/s: rhel-8.10, rhel-9.4, rhel-10.0
Fixed In Build: python3.12-3.12.1-4.el8 python3.12-3.12.1-4.el9
rhel-sst-pt-python-ruby-nodejs
ssg_core_services
5
False
All
The Python packages in RHEL default to the data filter for tarfile extraction, per https://peps.python.org/pep-0706/ and https://access.redhat.com/articles/7004769.
Python 3.12, however, follows the upstream (and Fedora) behavior and defaults to fully_trusted (with a DeprecationWarning).
To reproduce, create a malformed archive, e.g. via:

import tarfile

def mkinfo(name, **attrs):
    # Build a TarInfo by hand so the symlink target never has to exist on disk.
    tarinfo = tarfile.TarInfo(name=name)
    for attr, value in attrs.items():
        setattr(tarinfo, attr, value)
    return tarinfo

with tarfile.open('evil.tar.gz', 'w:gz') as tf:
    tf.addfile(mkinfo('./pyproject.toml'))
    # Symlink member that points far enough up to land in /tmp from any destination.
    tf.addfile(mkinfo('./tmp', type=tarfile.SYMTYPE, linkname='../../../../../../../../tmp'))
    # Regular file written through the symlink, i.e. into /tmp/poc.
    tf.addfile(mkinfo('./tmp/poc'))

(Run this in any Python.)
Now unpack that archive with python3.11-3.11.7-1.el9 and python3.12-3.12.1-3.el9 and observe the difference.
<mock-chroot> sh-5.1# python3.11 -X dev
Python 3.11.7 (main, Jan 22 2024, 00:00:00) [GCC 11.4.1 20231218 (Red Hat 11.4.1-3)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import tarfile
>>> with tarfile.open('evil.tar.gz', 'r:gz') as tf:
...     tf.extractall()
...
/usr/lib64/python3.11/tarfile.py:2253: RuntimeWarning: The default behavior of tarfile extraction has been changed to disallow common exploits (including CVE-2007-4559). By default, absolute/parent paths are disallowed and some mode bits are cleared. See https://access.redhat.com/articles/7004769 for more details.
  warnings.warn(
Traceback (most recent call last):
  File "<stdin>", line 2, in <module>
  File "/usr/lib64/python3.11/tarfile.py", line 2298, in extractall
    tarinfo = self._get_extract_tarinfo(member, filter_function, path)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.11/tarfile.py", line 2352, in _get_extract_tarinfo
    self._handle_fatal_error(e)
  File "/usr/lib64/python3.11/tarfile.py", line 2350, in _get_extract_tarinfo
    tarinfo = filter_function(tarinfo, path)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.11/tarfile.py", line 827, in tar_filter
    new_attrs = _get_filtered_attrs(member, dest_path, False)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.11/tarfile.py", line 775, in _get_filtered_attrs
    raise OutsideDestinationError(member, target_path)
tarfile.OutsideDestinationError: './tmp' would be extracted to '/tmp', which is outside the destination

<mock-chroot> sh-5.1# python3.12 -X dev
Python 3.12.1 (main, Jan 18 2024, 00:00:00) [GCC 11.4.1 20231218 (Red Hat 11.4.1-3)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import tarfile
>>> with tarfile.open('evil.tar.gz', 'r:gz') as tf:
...     tf.extractall()
...
/usr/lib64/python3.12/tarfile.py:2220: DeprecationWarning: Python 3.14 will, by default, filter extracted tar archives and reject files or modify their metadata. Use the filter argument to control this behavior.
  warnings.warn(
The same problem is bound to happen on RHEL 8, 9 and 10.
Links to:
RHBA-2024:126519 python3.12 bug fix and enhancement update
RHBA-2024:126744 python3.12 bug fix and enhancement update