diff options
| author | Tails developers <amnesia@boum.org> | 2012-02-20 11:44:04 +0100 |
|---|---|---|
| committer | Daniel Baumann <daniel@debian.org> | 2012-04-05 07:46:56 +0200 |
| commit | 880508024e177d800318827e109d603916050a15 (patch) | |
| tree | 705376e5c200de851d29b88fbd09392e880ac321 /scripts | |
| parent | 2c55cb63431dcecab209ed5c4f477fd8681b8530 (diff) | |
| download | live-boot-880508024e177d800318827e109d603916050a15.tar.gz live-boot-880508024e177d800318827e109d603916050a15.zip | |
Don't allow . or .. in live.persist paths.
Allowing it could cause serious breakage, and there's absolutely no
need for it.
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/live-helpers | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/scripts/live-helpers b/scripts/live-helpers index f13be57..26783f1 100644 --- a/scripts/live-helpers +++ b/scripts/live-helpers @@ -1281,10 +1281,15 @@ get_custom_mounts () dest="${source}" fi - if echo ${dest} | grep -qe "^/\+$\|^/\+live\(/.*\)\?$" + if trim_path ${source} | grep -qe "^\(.*/\)\?\.\.\?\(/.*\)\?$" then - # mounting on / or /live could cause trouble - log_warning_msg "Skipping unsafe custom mount on ${dest}" + log_warning_msg "Skipping unsafe custom mount with source ${source}: the source is a relative or absolute path w.r.t. the persistent media root and cannot use \".\" or \"..\"" + continue + fi + + if trim_path ${dest} | grep -q -e "^/$" -e "^/live\(/.*\)\?$" -e "^/\(.*/\)\?\.\.\?\(/.*\)\?$" + then + log_warning_msg "Skipping unsafe custom mount with desination ${dest}: the destination must be an absolute path using neither \".\" nor \"..\", and cannot be /live (or any sub-directory therein) or / (for the latter, use ${root_overlay_label}-type persistence instead)" continue fi @@ -1481,6 +1486,6 @@ fix_home_rw_compatibility () if [ ! -r "${include_list}" ] then echo "# home-rw backwards compatibility: -. /home" > "${include_list}" +/ /home" > "${include_list}" fi } |