bsdinstall: Use libarchive secure flags for extract

This doesn't really matter, as we trust that the installer tarballs are
not malicious, but it doesn't hurt to set these flags.

Reported by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57274
This commit is contained in:
Ed Maste
2026-05-27 09:29:21 -04:00
parent fc9dc84823
commit f9f46294d6
@@ -291,6 +291,8 @@ extract_files(struct bsddialog_fileminibar *file)
/* If that went well, perform the extraction */
if (retval == ARCHIVE_OK)
retval = archive_read_extract(archive, entry,
ARCHIVE_EXTRACT_SECURE_NODOTDOT |
ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS |
ARCHIVE_EXTRACT_TIME | ARCHIVE_EXTRACT_OWNER |
ARCHIVE_EXTRACT_PERM | ARCHIVE_EXTRACT_ACL |
ARCHIVE_EXTRACT_XATTR | ARCHIVE_EXTRACT_FFLAGS);