[buildd-tools-devel] Bug#605939: Bug#605939: Bug#605939: Regression: Chroots with periods in the name no longer work.
Roger Leigh
rleigh at codelibre.net
Sun Dec 5 23:05:51 UTC 2010
tags 605939 + fixed-upstream pending
thanks
On Sun, Dec 05, 2010 at 10:22:31PM +0000, Roger Leigh wrote:
> severity 605939 serious
> thanks
>
> Given the fact that this can break people's configurations when
> upgrading from lenny, I'm inclined to raise the severity to
> serious.
>
> I'm happy to fix this upstream now that I've gone through the
> code to check exactly what the name is used for. I've made
> an initial commit on the master and schroot-1.4 branches to
> fix this, and once we're sure it also doesn't look at editor
> backups in addition to dpkg conffile data, I'll make a new
> release with this bugfix.
This is hopefully fixed in git. This is the logic we're using:
bool
sbuild::is_valid_sessionname (std::string const& name)
{
bool match = false;
static regex file_namespace("^[^:/,.][^:/,]*$");
static regex editor_backup("~$");
static regex debian_dpkg_conffile_cruft("dpkg-(old|dist|new|tmp)$");
if (regex_search(name, file_namespace) &&
!regex_search(name, editor_backup) &&
!regex_search(name, debian_dpkg_conffile_cruft)) {
match = true;
}
return match;
}
If there are no objections and we're correctly picking out all editor
and dpkg backup files, I think this is fixed.
From the updated documentation:
CHROOT NAMES
A number of characters or words are not permitted in a chroot name, session
name or configuration filename. The name may not contain a leading period
(‘.’). The characters ‘:’ (colon), ‘,’ (comma) and ‘/’ (forward slash) are
not permitted anywhere in the name. The name may also not contain a trail‐
ing tilde (‘~’). The rationale for these restrictions is given below.
‘.’ A leading period could be used to create a name with a relative path
in it, in combination with ‘/’, and this could allow overwriting of
files on the host filesystem. Not allowing this character also means
hidden files cannot be created. It also means some editor backups
are automatically ignored. Periods are allowed anywhere else in the
name.
‘:’ A colon is used as a namespace delimiter, and so is not permitted as
part of a chroot or session name. LVM snapshot names may also not
contain this character due to a naming restriction by lvcreate(8).
‘/’ Names containing this character are not valid filenames. A forward
slash would potentially allow creation of files in subdirectories.
‘,’ Commas are used to separate items in lists. Aliases are separated by
commas and hence can't contain commas in their name.
‘~’ Filenames containing trailing tildes are used for editor backup
files, which are ignored. Tildes are allowed anywhere else in the
name.
‘dpkg-old’
‘dpkg-dist’
‘dpkg-new’
‘dpkg-tmp’
These names may not appear at the end of a name. These are saved
copies of conffiles used by the dpkg package manager, and will be
ignored.
Regards,
Roger
--
.''`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/
`- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20101205/01a55489/attachment-0001.pgp>
More information about the Buildd-tools-devel
mailing list