Problem: unvalidated
Archive member extraction in GNU binutils ar writes to a path chosen earlier in the extraction flow and then, after closing the file, applies chmod() to that pathname. Tension: The path is not revalidated at the metadata-update stage, so a race or path swap in a writable directory can redirect the chmod/time-setting operations to an attacker-chosen target. Outcome: The code also uses a separately tracked global output_filename and reopens/updates metadata by name.
161c772a-7cca-43bb-8015-a4e59f5b0c33
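The by-name metadata update described above, next to a descriptor-based one, as an added example (not binutils code). The function name, the file names and the in-process swap are constructed for illustration; the swap stands in for another process with write access to the output directory.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed demo: returns the permission bits of an unrelated "victim"
 * file after a member is written and its output path is replaced by a
 * symlink before the metadata update. Returns -1 on setup failure.
 * use_fd = 0: close, then chmod() by name (the pattern described above).
 * use_fd = 1: fchmod()/futimens() on the still-open descriptor. */
int victim_mode_after_swap(int use_fd)
{
    char dir[] = "/tmp/ar_demo_XXXXXX", out[64], victim[64];
    struct stat st;
    int vfd, fd, rc = -1;

    if (!mkdtemp(dir)) return -1;
    snprintf(out, sizeof out, "%s/member.o", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);

    vfd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (vfd < 0) goto done;
    fchmod(vfd, 0600);              /* fixed starting mode, umask-independent */
    close(vfd);

    /* O_EXCL | O_NOFOLLOW: never write through a pre-planted link. */
    fd = open(out, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) goto done;
    if (write(fd, "data", 4) != 4) { close(fd); goto done; }

    /* Simulated path swap inside the writable directory. */
    unlink(out);
    if (symlink(victim, out) != 0) { close(fd); goto done; }

    if (use_fd) {
        fchmod(fd, 0666);           /* acts on the inode that was written */
        futimens(fd, NULL);         /* timestamps go to the same inode */
        close(fd);
    } else {
        close(fd);
        chmod(out, 0666);           /* re-resolves the name, follows the link */
    }
    if (stat(victim, &st) == 0) rc = st.st_mode & 0777;
done:
    unlink(out); unlink(victim); rmdir(dir);
    return rc;
}
```

With the by-name update the victim ends up with mode 0666; with the descriptor-based update it keeps 0600, because no pathname is resolved again after the write.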