[buildd-tools-devel] Bug#605939: Bug#605939: Bug#605939: Bug#605939: Bug#605939: Regression: Chroots with periods in the name no longer work.

[Roger Leigh]

On Mon, Dec 06, 2010 at 09:28:39AM -0800, Zach Carter wrote:
> On Sunday 05 December 2010 13:25:57 Roger Leigh wrote:
> > Can anyone see any downside from being this permissive, or any
> > security implication I've not seen?  (I'm only looking at pathname-
> > based security exploits here--is there anything else we need to
> > worry about?)
> 
> Like lvm, it might be wise to check that btrfs supports the various allowed 
> characters.  I saw one reference to an old btrfs man page that disallows both 
> types of slashes, however the current man page does not mention the 
> restriction.
> 
> I don't have time at the moment, but I can try to test some scenarios some 
> time later this week.

That would be very useful, thanks.  I did a few quick tests, and it
seems fairly permissive:

% sudo btrfs subvolume snapshot /srv/chroot/sid '/srv/chroot/!"£$%^&*()\\#~<>,.?\|'
Create a snapshot of '/srv/chroot/sid' in '/srv/chroot/!"£$%^&*()\\#~<>,.?\|'
% sudo btrfs subvolume snapshot /srv/chroot/sid "/srv/chroot/bb;:\\'@+=_-" 
Create a snapshot of '/srv/chroot/sid' in '/srv/chroot/bb;:\'@+=_-'
% sudo btrfs subvolume snapshot /srv/chroot/sid '/srv/chroot/aa…•→ǒ¢™⁶'     
Create a snapshot of '/srv/chroot/sid' in '/srv/chroot/aa…•→ǒ¢™⁶'
ravenclaw% ls -1 /srv/chroot
!"£$%^&*()\\#~<>,.?\|
aa…•→ǒ¢™⁶
bb;:\'@+=_-
sid
[…]


Thanks,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20101206/0ea430de/attachment-0001.pgp>