[debhelper-devel] Bug#894229: debhelper: dh_link confused by /./, /../ and leading //
Nicolas Boulenguez
nicolas at debian.org
Mon Mar 26 22:47:40 UTC 2018
Package: debhelper
Version: 11.1.5
Severity: minor
Hello.
The attached script demonstrates that dh_link produces not-policy
conformant symlinks when one of the paths contains '.' or '..' as
components, or with multiple leading directory separators.
Moreover, it may erase file outside the package directory when the new
name starts with ../foo, instead of interpreting it as /../foo and
replacing it with /foo as the documentation implies.
Either the documentation should forbid '.', '..' and multiple leading
/, and dh_link should fail when such an argument is detected, or all
such constructs should be correctly handled.
I suggest to
A/ fix the support for multiple leading separators
(which are accepted anywhere else)
B/ completely forbid '.' and '..' components.
B/ would simplify a lot the existing code, probably making A/ much
easyer.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dh_link-bugs.sh
Type: application/x-sh
Size: 510 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/debhelper-devel/attachments/20180327/30d8c187/attachment-0003.sh>
More information about the debhelper-devel
mailing list