bsdinstall: Use libarchive secure flags for extract
This doesn't really matter, as we trust that the installer tarballs are not malicious, but it doesn't hurt to set these flags.

Reported by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57274
@@ -291,6 +291,8 @@ extract_files(struct bsddialog_fileminibar *file)
|
||||
/* If that went well, perform the extraction */
|
||||
if (retval == ARCHIVE_OK)
|
||||
retval = archive_read_extract(archive, entry,
|
||||
ARCHIVE_EXTRACT_SECURE_NODOTDOT |
|
||||
ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS |
|
||||
ARCHIVE_EXTRACT_TIME | ARCHIVE_EXTRACT_OWNER |
|
||||
ARCHIVE_EXTRACT_PERM | ARCHIVE_EXTRACT_ACL |
|
||||
ARCHIVE_EXTRACT_XATTR | ARCHIVE_EXTRACT_FFLAGS);
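Review bot: ARCHIVE_EXTRACT_SECURE_SYMLINKS is missing from the flag list passed to archive_read_extract() in extract_files(). The two new flags reject ".." components and absolute paths, but an entry whose path passes through a symlink can still be written outside the extraction root, and that third libarchive secure flag is the one that covers it. Either add it next to ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS or, if it is left out on purpose (for example because the distribution sets are expected to extract through existing symlinks in the target), say so in a short comment above the call. The existing comment "If that went well, perform the extraction" could also record the commit message's assumption that the tarballs are trusted, so the flag choice is understandable from the source alone.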