diff options
| author | Jonathon Anderson <17242663+blue42u@users.noreply.github.com> | 2022-07-12 02:28:24 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-07-12 09:28:24 +0200 |
| commit | 25f198aa911ee4a99851a5b3f42465c798f04edd (patch) | |
| tree | 0ae6e52400f5c08e8545a074d8a7c55e20462820 /lib | |
| parent | 5bd1074afb79710c115fc64ce49f57c424235801 (diff) | |
| download | spack-25f198aa911ee4a99851a5b3f42465c798f04edd.tar.gz spack-25f198aa911ee4a99851a5b3f42465c798f04edd.tar.bz2 spack-25f198aa911ee4a99851a5b3f42465c798f04edd.tar.xz spack-25f198aa911ee4a99851a5b3f42465c798f04edd.zip | |
Sanitize ownership when extracting tarfiles (#31524)
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/spack/spack/util/compression.py | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/lib/spack/spack/util/compression.py b/lib/spack/spack/util/compression.py index 18c0a9ea5e..cbd5beddec 100644 --- a/lib/spack/spack/util/compression.py +++ b/lib/spack/spack/util/compression.py @@ -79,9 +79,15 @@ def _untar(archive_file): if tar_support() and not uncompress_required and\ not lzma_needed_and_not_available: import tarfile - tar = tarfile.open(archive_file) - tar.extractall() - tar.close() + + # Extract all members but wipe ownership info. This ensures we + # will not attempt to chown the files as superuser. + def filter(tarinfo): + tarinfo.uid = tarinfo.gid = 0 + tarinfo.uname = tarinfo.gname = 'root' + return tarinfo + with tarfile.open(archive_file) as tar: + tar.extractall(members=map(filter, tar.getmembers())) else: tar = which('tar', required=True) tar.add_default_arg('-oxf') |