Skip to content

Commit ad2d853

Browse files
authored
Fix symlink-following arbitrary file write in archive extraction (#8303)
Extractor.extract() called shutil.rmtree(output_path, ignore_errors=True) before extracting. Since Python 3.8, shutil.rmtree() raises OSError on a symlink pointing to a directory, which ignore_errors=True silently swallows. An attacker with write access to a shared cache directory could pre-plant a symlink at the predictable extraction output path; rmtree would no-op on it, and extraction would then follow the symlink and write archive contents into the attacker-chosen target, yielding arbitrary file write as the victim. The existing safemembers() zip-slip mitigation only validates member names and is blind to the output directory itself being a symlink. Remove the symlink itself before extracting so contents can no longer be written through it.
1 parent 69939eb commit ad2d853

1 file changed

Lines changed: 2 additions & 0 deletions

File tree

src/datasets/utils/extract.py

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -439,6 +439,8 @@ def extract(
439439
# Prevent parallel extractions
440440
lock_path = str(Path(output_path).with_suffix(".lock"))
441441
with FileLock(lock_path):
442+
if os.path.islink(output_path):
443+
os.unlink(output_path)
442444
shutil.rmtree(output_path, ignore_errors=True)
443445
extractor = cls.extractors[extractor_format]
444446
return extractor.extract(input_path, output_path)

0 commit comments

Comments
 (0)