| Fix for Unzipping in file manager. [message #47422] |
Mon, 24 November 2008 14:21  |
Lxhelp
Messages: 23691
Registered: July 2006 |
The Champion |
|
|
Lxadmin/HyperVM's file manager's unzipping code had an issue. It would unzip as root, and then chown the files to the particular user's ownership. This would work fine as long as the user was properly chrooted to his directory, but in the rare chance that user breaks out of his chroot, the unzip can be potential security hazard.
Now, unzip is 100% failsafe. The file manager now forks and creates a new process. In the new process it setuid to that particular user, and only then will it unzip the file. This means there is absolutely no way the it can cause any problem.
The reason why it was done the old way was that Windows does not have fork and setuid functions, and since the unzip function was shared between windows and Linux, it was not possible to implement it the proper way. Now, the file manager has separate code for unzipping in windows and linux and it will do it the right way on both OSes.
thanks.
|
|
|
|
|
| Re: Fix for Unzipping in file manager. [message #48748 is a reply to message #48746] |
Wed, 03 December 2008 13:39  |
Lxhelp
Messages: 23691
Registered: July 2006 |
The Champion |
|
|
The file manager is 100% transparent. It automatically recognizes tgz or zip, and will do accordingly. It doesn't recognize tar.gz at present, since it contains 2 extensions.
tgz and zip are recognized.
On Wed, Dec 03, 2008 at 06:30:38PM -0000, Dragomir Denev wrote:
>
>
> I second that
> --
> Dragomir Denev
> DGM
> http://www.dgm.bg
>
|
|
|
|
|
| Re: Fix for Unzipping in file manager. [message #48757 is a reply to message #48751] |
Wed, 03 December 2008 13:58 |
Lxhelp
Messages: 23691
Registered: July 2006 |
The Champion |
|
|
It is not File manager's fault. PHP's core function that splits the file name will give the extension as .gz rather than .tar.gz.
On Wed, Dec 03, 2008 at 06:41:42PM -0000, Dragomir Denev wrote:
>
>
> so do you say that you will make it recognize tar.gz soon?
|
|
|
| Re: Fix for Unzipping in file manager. [message #48758 is a reply to message #48751] |
Wed, 03 December 2008 14:00 |
Lxhelp
Messages: 23691
Registered: July 2006 |
The Champion |
|
|
Actually, the file manager DOES recognize tar.gz.
In fact, you can rename a tar.gz to .zip, and the file manager will recognize that it is a tar and untar it properly. It doesn't rely on the extension but rather uses the magic headers to find out what's the type of archive.
On Wed, Dec 03, 2008 at 06:41:42PM -0000, Dragomir Denev wrote:
>
>
> so do you say that you will make it recognize tar.gz soon?
|
|
|
HyperVM & Kloxo Support
Members
Search
Help
Register
Login
Home
