[OE-core] [PATCH v1] wic: Add --exclude-path option to rootfs source plugin.
Kristian Amlie
kristian.amlie at mender.io
Mon Nov 28 07:07:05 UTC 2016
On 25/11/16 17:33, Ed Bartosh wrote:
> On Fri, Nov 25, 2016 at 01:35:53PM +0100, Kristian Amlie wrote:
>> On 25/11/16 13:28, Maciej Borzęcki wrote:
>>> On Fri, Nov 25, 2016 at 11:15 AM, Kristian Amlie
>>>> + # Disallow '..', because doing so could be quite disastrous
>>>> + # (we will delete the directory).
>>>> + remaining = path
>>>> + while True:
>>>> + (head, tail) = os.path.split(remaining)
>>>> + if tail == '..':
>>>> + msger.error("'..' not allowed: --exclude-path=%s" % orig_path)
>>>> + elif head == "":
>>>> + break
>>>> + remaining = head
>>>
>>> Why not do this instead?
>>>
>>> if '..' in path:
>>> msger.error("'..' not allowed: --exclude-path=%s" % orig_path)
>>>
> would "'/..' in path" or something similar work?
'/..my-file' is a valid file name, so no, it wouldn't work. I realize
that this would be uncommon, and it makes the check more complex, so I'm
ok with making it simpler if you want me to, but we have to trade
simplicity for correctness in that case.
--
Kristian
More information about the Openembedded-core
mailing list