chicken-hackers
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Chicken-hackers] [patch] disallow slashes in egg names, ignore . and ..


From: Christian Kellermann
Subject: [Chicken-hackers] [patch] disallow slashes in egg names, ignore . and ..
Date: Fri, 24 Feb 2012 21:10:27 +0100
User-agent: Mutt/1.5.21 (2010-09-15)

Dear fellow hackers,

please find a patch attached to mitigate the potential security
issue in henrietta by allowing "egg names" which can be interpreted
as paths.

Thanks to hypnocat for noticing this. Originally this has been a
misunderstanding where the user wanted to install an egg from a
local directory by issuing 'chicken-install .'. This is now ignored
as well as its big brother '..'. Any slash in an egg name will
trigger an error.

Please review and push / comment!

Thanks,

Christian

-- 
Who can (make) the muddy water (clear)? Let it be still, and it will
gradually become clear. Who can secure the condition of rest? Let
movement go on, and the condition of rest will gradually arise.
 -- Lao Tse. 

Attachment: 0001-Ignore-.-and-.-forbid-slashes-in-egg-names-in-chicke.patch
Description: Text document


reply via email to

[Prev in Thread] Current Thread [Next in Thread]