• Bug#1091169: sbuild unshare mode unhappy about symlink'd tarballs

    From Johannes Schauer Marin Rodrigues@21:1/5 to All on Thu Jan 2 19:30:02 2025
    Hi,

    Quoting Antoine Beaupré (2025-01-01 03:52:54)
    Essentially, we do not pass a path to zstd anymore but we let sbuild open the path and then pass the file descriptor to what we opened to zstd via its standard input.

    Ah yes, that would work of course!

    Probably harmless in terms of security too... riiight? :)

    yes. Do you have any suspicions why it would not be harmless?

    Thanks!

    cheers, josch

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Antoine Beaupré@21:1/5 to Johannes Schauer Marin Rodrigues on Fri Jan 3 01:20:01 2025
    On 2025-01-02 19:17:38, Johannes Schauer Marin Rodrigues wrote:
    Hi,

    Quoting Antoine Beaupré (2025-01-01 03:52:54)
    Essentially, we do not pass a path to zstd anymore but we let sbuild open the path and then pass the file descriptor to what we opened to zstd via its standard input.

    Ah yes, that would work of course!

    Probably harmless in terms of security too... riiight? :)

    yes. Do you have any suspicions why it would not be harmless?

    For reading files? Not really. And especially in this context, where the
    cache directory is owned by the user, I can't really think of an attack
    vector there that wouldn't already otherwise give the attacker RCE
    access (ie. if i can write to your ~/.cache i can write to your
    ~/.bashrc).

    a.
    --
    Any sufficiently advanced technology is indistinguishable from magic.
    - Arthur C. Clarke
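
The approach quoted in the thread above (the parent opens the tarball path itself and hands the open descriptor to the decompressor as standard input), shown as an added Python example; it is not sbuild's code and was not posted by either participant. Assumptions: a small Python child stands in for zstd, all file names are constructed, and the regular-file check on the opened descriptor is an addition of this example that the thread does not discuss.

```python
import os, stat, subprocess, sys, tempfile

# Stand-in for the decompressor (zstd in the thread): it receives no path,
# only an already-open standard input, and copies it to standard output.
CHILD = "import sys; sys.stdout.buffer.write(sys.stdin.buffer.read())"

def open_regular_file(path):
    """Open path in the parent (symlinks are followed here) and return an fd.

    The regular-file check is an addition of this example, not from the thread.
    O_NONBLOCK keeps open() from blocking if the link points at a FIFO.
    """
    fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    if not stat.S_ISREG(os.fstat(fd).st_mode):
        os.close(fd)
        raise ValueError(f"{path} does not resolve to a regular file")
    return fd

def read_via_stdin(path, child_cwd):
    """Run the child in child_cwd with the opened file as its stdin."""
    fd = open_regular_file(path)
    try:
        done = subprocess.run([sys.executable, "-c", CHILD], stdin=fd,
                              stdout=subprocess.PIPE, cwd=child_cwd, check=True)
    finally:
        os.close(fd)
    return done.stdout

def demo():
    """Return (bytes read through a symlink, whether a FIFO link was refused)."""
    with tempfile.TemporaryDirectory() as top:
        store, cache, work = (os.path.join(top, d) for d in ("store", "cache", "work"))
        for d in (store, cache, work):
            os.mkdir(d)
        # Constructed sample: a fake tarball reached through a symlink in "cache".
        with open(os.path.join(store, "chroot.tar"), "wb") as f:
            f.write(b"constructed tarball bytes")
        link = os.path.join(cache, "chroot.tar")
        os.symlink(os.path.join(store, "chroot.tar"), link)
        data = read_via_stdin(link, work)
        # A symlink that resolves to a FIFO is refused before any child starts.
        os.mkfifo(os.path.join(store, "pipe"))
        fifo_link = os.path.join(cache, "pipe.tar")
        os.symlink(os.path.join(store, "pipe"), fifo_link)
        try:
            read_via_stdin(fifo_link, work)
            refused = False
        except ValueError:
            refused = True
        return data, refused
```

The symlink is resolved once, by the parent's `open()`; the child never sees a path and cannot reopen or re-resolve anything.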
