[debhelper-devel] [Git][debian/debhelper][master] dh_usrlocal: Abort on known unsafe directory names
Niels Thykier
gitlab at salsa.debian.org
Sat Apr 7 10:43:24 UTC 2018
Niels Thykier pushed to branch master at Debian / debhelper
Commits:
1db0bd88 by Niels Thykier at 2018-04-07T10:41:20+00:00
dh_usrlocal: Abort on known unsafe directory names
Signed-off-by: Niels Thykier <niels at thykier.net>
- - - - -
3 changed files:
- debian/changelog
- dh_usrlocal
- t/dh_usrlocal/01-basic.t
Changes:
=====================================
debian/changelog
=====================================
--- a/debian/changelog
+++ b/debian/changelog
@@ -22,6 +22,8 @@ debhelper (11.2) UNRELEASED; urgency=medium
* debhelper.7: Recommend packagers to use "debian/<pkg>.<file>"
over "debian/<file>" in most cases. Thanks to Johannes
Schauer for the suggestion.
+ * dh_usrlocal: Implement a simple guard for directories that
+ will likely cause issues in the shell snippets.
[ Nicolas Boulenguez ]
* dh_installxfonts: Fix typo that causes a misc:Depends on
=====================================
dh_usrlocal
=====================================
--- a/dh_usrlocal
+++ b/dh_usrlocal
@@ -98,6 +98,12 @@ foreach my $package (@{$dh{DOPACKAGES}}) {
my $fn = $File::Find::name;
$fn =~ s!^\Q$tmp\E!!;
return if $fn eq '/usr/local';
+ # Detect some obvious cases of "this will not end
+ # well". We rely on what "while read dir ... ; do"
+ # can handle for correctness.
+ if ($fn =~ m{[\s!'"\$()*#;<>?@\[\]\\`|]}) {
+ error("Cannot generate a correct shell script for $fn due to shell metacharacters");
+ }
if (should_use_root()) {
my $stat = stat $File::Find::dir;
if ($stat->uid == 0 && $stat->gid == 0) {
=====================================
t/dh_usrlocal/01-basic.t
=====================================
--- a/t/dh_usrlocal/01-basic.t
+++ b/t/dh_usrlocal/01-basic.t
@@ -61,6 +61,7 @@ each_compat_subtest {
rm_files(@scripts);
install_dir('debian/debhelper/usr/local/foo/dir/somewhere');
install_dir('debian/debhelper/usr/local/bar/another-dir/elsewhere');
+ install_dir('debian/debhelper/usr/local/baz/foo+bar/thing');
ok(run_dh_tool('dh_usrlocal'));
@@ -71,6 +72,9 @@ each_compat_subtest {
'/usr/local/bar 02775 root staff',
'/usr/local/bar/another-dir 02775 root staff',
'/usr/local/bar/another-dir/elsewhere 02775 root staff',
+ '/usr/local/baz 02775 root staff',
+ '/usr/local/baz/foo+bar 02775 root staff',
+ '/usr/local/baz/foo+bar/thing 02775 root staff',
'/usr/local/foo 02775 root staff',
'/usr/local/foo/dir 02775 root staff',
'/usr/local/foo/dir/somewhere 02775 root staff',
@@ -79,6 +83,8 @@ each_compat_subtest {
is_deeply(\@prerm, [
'/usr/local/bar/another-dir/elsewhere',
'/usr/local/bar/another-dir',
+ '/usr/local/baz/foo+bar/thing',
+ '/usr/local/baz/foo+bar',
'/usr/local/foo/dir/somewhere',
'/usr/local/foo/dir',
], "Correct dir removal")
View it on GitLab: https://salsa.debian.org/debian/debhelper/commit/1db0bd881f3329198415a08af61d01b0b8ba92ed
---
View it on GitLab: https://salsa.debian.org/debian/debhelper/commit/1db0bd881f3329198415a08af61d01b0b8ba92ed
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/debhelper-devel/attachments/20180407/f8f1a828/attachment-0001.html>
More information about the debhelper-devel
mailing list