[buildd-tools-devel] Bug#605939: Bug#605939: Bug#605939: Bug#605939: Bug#605939: Regression: Chroots with periods in the name no longer work.
Roger Leigh
rleigh at codelibre.net
Mon Dec 6 17:42:45 UTC 2010
On Mon, Dec 06, 2010 at 09:28:39AM -0800, Zach Carter wrote:
> On Sunday 05 December 2010 13:25:57 Roger Leigh wrote:
> > Can anyone see any downside from being this permissive, or any
> > security implication I've not seen? (I'm only looking at pathname-
> > based security exploits here--is there anything else we need to
> > worry about?)
>
> Like lvm, it might be wise to check that btrfs supports the various allowed
> characters. I saw one reference to an old btrfs man page that disallows both
> types of slashes, however the current man page does not mention the
> restriction.
>
> I don't have time at the moment, but I can try to test some scenarios some
> time later this week.
That would be very useful, thanks. I did a few quick tests, and it
seems fairly permissive:
% sudo btrfs subvolume snapshot /srv/chroot/sid '/srv/chroot/!"£$%^&*()\\#~<>,.?\|'
Create a snapshot of '/srv/chroot/sid' in '/srv/chroot/!"£$%^&*()\\#~<>,.?\|'
% sudo btrfs subvolume snapshot /srv/chroot/sid "/srv/chroot/bb;:\\'@+=_-"
Create a snapshot of '/srv/chroot/sid' in '/srv/chroot/bb;:\'@+=_-'
% sudo btrfs subvolume snapshot /srv/chroot/sid '/srv/chroot/aa…•→ǒ¢™⁶'
Create a snapshot of '/srv/chroot/sid' in '/srv/chroot/aa…•→ǒ¢™⁶'
ravenclaw% ls -1 /srv/chroot
!"£$%^&*()\\#~<>,.?\|
aa…•→ǒ¢™⁶
bb;:\'@+=_-
sid
[…]
Thanks,
Roger
--
.''`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/
`- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20101206/0ea430de/attachment-0001.pgp>
More information about the Buildd-tools-devel
mailing list