[OE-core] [PATCH v1] wic: Add --exclude-path option to rootfs source plugin.
Kristian Amlie
kristian.amlie at mender.io
Mon Nov 28 11:00:24 UTC 2016
On 28/11/16 11:46, Ed Bartosh wrote:
> On Mon, Nov 28, 2016 at 08:07:05AM +0100, Kristian Amlie wrote:
>> On 25/11/16 17:33, Ed Bartosh wrote:
>>> On Fri, Nov 25, 2016 at 01:35:53PM +0100, Kristian Amlie wrote:
>>>> On 25/11/16 13:28, Maciej Borzęcki wrote:
>>>>> On Fri, Nov 25, 2016 at 11:15 AM, Kristian Amlie
>>>>>> + # Disallow '..', because doing so could be quite disastrous
>>>>>> + # (we will delete the directory).
>>>>>> + remaining = path
>>>>>> + while True:
>>>>>> + (head, tail) = os.path.split(remaining)
>>>>>> + if tail == '..':
>>>>>> + msger.error("'..' not allowed: --exclude-path=%s" % orig_path)
>>>>>> + elif head == "":
>>>>>> + break
>>>>>> + remaining = head
>>>>>
>>>>> Why not do this instead?
>>>>>
>>>>> if '..' in path:
>>>>> msger.error("'..' not allowed: --exclude-path=%s" % orig_path)
>>>>>
>>> would "'/..' in path" or something similar work?
>>
>> '/..my-file' is a valid file name, so no, it wouldn't work. I realize
>> that this would be uncommon, and it makes the check more complex, so I'm
>> ok with making it simpler if you want me to, but we have to trade
>> simplicity for correctness in that case.
>>
> OK, makes sense.
>
> Would something like this work for you?
>
>> mkdir -p /tmp/rootfs/bla/bla/bla/bla
>> python -c "import os;print os.path.realpath('/tmp/rootfs/bla/../bla/../bla/../bla/../').startswith('/tmp/rootfs/')"
> False
>> python -c "import os;print os.path.realpath('/tmp/rootfs/bla/../bla/../bla/bla/../').startswith('/tmp/rootfs/')"
> True
Ah, that's a good idea, makes it much simpler, and is still correct. I
will change to that.
--
Kristian
More information about the Openembedded-core
mailing list