Re: [devel] bad paths in rpm packages

ALT Linux Team development discussions
 help / color / mirror / Atom feed

From: Alexey Tourbin <at@altlinux.ru>
To: ALT Devel discussion list <devel@lists.altlinux.org>
Subject: Re: [devel] bad paths in rpm packages
Date: Wed, 26 Mar 2008 01:29:41 +0300
Message-ID: <20080325222941.GP31135@solemn.turbinal> (raw)
In-Reply-To: <20080325025003.GJ31135@solemn.turbinal>

[-- Attachment #1: Type: text/plain, Size: 2684 bytes --]

On Tue, Mar 25, 2008 at 05:50:03AM +0300, Alexey Tourbin wrote:
> Но тут всплыла другая проблема: путь может быть каноничен,
> но не кошерен.  rpm позволяет запаковать некошерный путь:
> 
> %install
> install -pD /dev/null %buildroot/etc/rc.d/init.d/functions
> ln -s rc.d/init.d %buildroot/etc/init.d
> %files
> /etc/init.d/functions
> 
> $ rpm -bb test.spec 
> ...
> warning: Installed (but unpackaged) file(s) found:
>     /etc/init.d
>     /etc/rc.d/init.d/functions
> Wrote: /home/at/RPM/RPMS/athlon/test-1.0-alt1.athlon.rpm
> $ rpm -qlvp /home/at/RPM/RPMS/athlon/test-1.0-alt1.athlon.rpm
> -rwxr-xr-x    1 root    root                0 Mar 20 18:50 /etc/init.d/functions
> $

Вроде сделал проверку, чтобы нельзя было запаковать файл в пути
которого встречается симлинк.


commit 5c12a6d19d7a03752eb0a2f57f7b21bdfaf91589
Author: Alexey Tourbin <at@altlinux>
Date:   Wed Mar 26 01:14:32 2008 +0300

    files.c (addFile): check that each intermediate path component is directory (not symlink)
    
    %install
    install -pD /dev/null %buildroot/etc/rc.d/init.d/functions
    ln -s rc.d/init.d %buildroot/etc/init.d
    %files
    /etc/init.d/functions
    /etc/init.d
    
    Old behaviour:
    lrwxrwxrwx    1 root    root               11 Mar 26 01:15 /etc/init.d -> rc.d/init.d
    -rwxr-xr-x    1 root    root                0 Mar 20 18:50 /etc/init.d/functions
    
    New behaviour:
    error: File path component must be directory (/tmp/.private/at/test-buildroot/etc/init.d): /tmp/.private/at/test-buildroot/etc/init.d/functions

diff --git a/build/files.c b/build/files.c
index 35d34be..0a1451f 100644
--- a/build/files.c
+++ b/build/files.c
@@ -1661,6 +1661,31 @@ static int addFile(FileList fl, const char * diskURL,
 	}
     }
 
+    /* intermediate path component must be directories, not symlinks */
+    {
+	struct stat st;
+	size_t du_len = strlen(diskURL);
+	char *du = alloca(du_len + 1);
+	char *p = du + du_len - strlen(fileURL);
+	strcpy(du, diskURL);
+	while ((p = strchr(p + 1, '/'))) {
+	    *p = '\0';
+	    if (Lstat(du, &st)) {
+		rpmError(RPMERR_BADSPEC, _("File not found: %s\n"), diskURL);
+		fl->processingFailed = 1;
+		return RPMERR_BADSPEC;
+	    }
+	    if (!S_ISDIR(st.st_mode)) {
+		rpmError(RPMERR_BADSPEC,
+			_("File path component must be directory (%s): %s\n"),
+			du, diskURL);
+		fl->processingFailed = 1;
+		return RPMERR_BADSPEC;
+	    }
+	    *p = '/';
+	}
+    }
+
     if ((! fl->isDir) && S_ISDIR(statp->st_mode)) {
 	/* We use our own ftw() call, because ftw() uses stat()    */
 	/* instead of lstat(), which causes it to follow symlinks! */

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

next prev parent reply	other threads:[~2008-03-25 22:29 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-03-24 23:07 Alexey Tourbin
2008-03-24 23:13 ` Dmitry V. Levin
2008-03-24 23:17   ` Alexey Tourbin
2008-03-24 23:20     ` Dmitry V. Levin
2008-03-25  2:50       ` Alexey Tourbin
2008-03-25  3:08         ` Alexey Tourbin
2008-03-25 22:29         ` Alexey Tourbin [this message]
2008-03-25  4:04       ` Alexey Tourbin
2008-03-25  0:05   ` Alexey Tourbin
2008-03-24 23:13 ` Alexey Tourbin
2008-03-24 23:42 ` Alexey Tourbin
2008-03-24 23:44   ` Alexey Tourbin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20080325222941.GP31135@solemn.turbinal \
    --to=at@altlinux.ru \
    --cc=devel@lists.altlinux.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

ALT Linux Team development discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/devel/0 devel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 devel devel/ http://lore.altlinux.org/devel \
		devel@altlinux.org devel@altlinux.ru devel@lists.altlinux.org devel@lists.altlinux.ru devel@linux.iplabs.ru mandrake-russian@linuxteam.iplabs.ru sisyphus@linuxteam.iplabs.ru
	public-inbox-index devel

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.devel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git