fakeroot: 1.22 -> 1.23 #49191
Do you think this should be backported?

@GrahamcOfBorg build fakeroot hylafaxplus

Success on x86_64-darwin (full log) Attempted: fakeroot The following builds were skipped because they don't evaluate on x86_64-darwin: hylafaxplus

Success on x86_64-linux (full log) Attempted: fakeroot, hylafaxplus

Success on aarch64-linux (full log) Attempted: fakeroot, hylafaxplus

I'll merge this. If you feel like backporting is needed, feel free to open a PR for it :)

I'd want to look at how Hylafax uses fakeroot to determine whether there's any real risk here; if it looks like there is, I'll submit a separate PR with a backport.

Motivation for this change
The shell wrapper for fakeroot 1.22 parses command-line arguments in such a way as to permit arguments which should be passed through as literal data to be evaluated as shell syntax; 1.23 fixes this.
If programs pass untrusted data through the argument list of commands run with fakeroot, this could potentially be security-impacting. Whether or not fakeroot is used in such a context, it's definitely a correctness issue.
Consider the below transcript, showing a simple command line correctly executed when invoked on its own or via fakeroot 1.23, but incorrectly executed from fakeroot 1.22:
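
An added illustration of the bug class described in the motivation above; it is not the transcript from the original pull request and not fakeroot's own wrapper code. Two hypothetical wrappers (`wrap_unsafe`, `wrap_safe`) are run through a check, `passes_literally`, that confirms a wrapper hands constructed probe arguments to the child unchanged. How fakeroot 1.22 re-parses its arguments is not shown on this page, so the `eval` pattern here is an assumption chosen to reproduce the same symptom.

```shell
#!/bin/sh
# Illustration only: hypothetical wrappers, not fakeroot's code.

# Child command: report how many arguments arrived and what each one was.
show_args() {
    printf '%s\n' "$#"
    for arg in "$@"; do
        printf '[%s]\n' "$arg"
    done
}

# Unsafe pattern (assumed for illustration): flatten the argument list into
# one string and re-parse it, so metacharacters in the data become syntax.
wrap_unsafe() {
    cmdline="$*"
    eval "$cmdline"
}

# Safe pattern: "$@" passes every argument through as a separate, literal word.
wrap_safe() {
    "$@"
}

# passes_literally WRAPPER
# Returns 0 only if WRAPPER delivers the constructed probe arguments
# (embedded space, command substitution, command separator) byte for byte.
passes_literally() {
    wrapper=$1
    expected=$(show_args 'a b' '$(echo X)' 'c; true')
    actual=$("$wrapper" show_args 'a b' '$(echo X)' 'c; true' 2>/dev/null)
    [ "$actual" = "$expected" ]
}

for w in wrap_unsafe wrap_safe; do
    if passes_literally "$w"; then
        echo "$w: arguments reached the child unchanged"
    else
        echo "$w: arguments were re-parsed as shell syntax"
    fi
done
```

The same probe arguments can be pointed at any wrapper script under review by replacing the function name passed to `passes_literally` with the wrapper's path.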