restore file permissions when extracting zipfile

src/wormhole/cli/cmd_receive.py

@@ -285,14 +285,24 @@ class TwistedReceiver:
                   os.path.basename(self.abs_destname))
 
     def _write_directory(self, f):
+        def extract_file( zf, info, extract_dir ):
+            """
+            the zipfile module does not restore file permissions
+            so we'll do it manually
+            """
+            zf.extract( info.filename, path=extract_dir )
+
+            # not sure why zipfiles store the perms 16 bits away but they do
+            perm = info.external_attr >> 16L
+            out_path = os.path.join( extract_dir, info.filename )
+            os.chmod( out_path, perm )
+
         self._msg(u"Unpacking zipfile..")
         with self.args.timing.add("unpack zip"):
             with zipfile.ZipFile(f, "r", zipfile.ZIP_DEFLATED) as zf:
-                zf.extractall(path=self.abs_destname)
+                for info in zf.infolist():
-                # extractall() appears to offer some protection against
+                    extract_file( zf, info, self.abs_destname )
-                # malicious pathnames. For example, "/tmp/oops" and
+
-                # "../tmp/oops" both do the same thing as the (safe)
-                # "tmp/oops".
             self._msg(u"Received files written to %s/" %
                       os.path.basename(self.abs_destname))
             f.close()