Bug 175937
| Summary: | zip allows no password deleting from password protected file | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | p thompson <pt> |
| Component: | zip | Assignee: | Ivana Varekova <varekova> |
| Status: | CLOSED WONTFIX | QA Contact: | Ben Levenson <benl> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 4 | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2006-01-05 08:29:03 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I discussed this problem with zip/unzip maintainers. They write this behavior is right because it is technically trivial to delete password-protected files from archives. If the removal without password wasn't allowed someone could change it and it would be worse problem. That's why upstream does not try to do this operation password-protected, and lets this operation be this way. Users will be better aware what can be done password-protected and what can't. I think this is good reason to leave unzip this way. Thank you for your notice. |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7 Description of problem: zip allows files to be deleted from password protected zip files without knowing the password. Version-Release number of selected component (if applicable): zip-2.3-30 How reproducible: Always Steps to Reproduce: 1. create password protected zip file 2. etc 3. Actual Results: [thompson@monotheletisia new]$ zip -d infected.zip imgma.jpg deleting: imgma.jpg [thompson@monotheletisia new]$ unzip -t infected.zip Archive: infected.zip [infected.zip] enter1.htm password: testing: enter1.htm OK testing: count2.gif OK No errors detected in compressed data of infected.zip. Additional info: