Reserve windows crate names. #695
These names will break cargo on windows machines if uploaded to the registry.
NOTE: I do not have a working dev environment for crates.io and I have NOT tested these migrations.
(Also, I believe crates.io's namespace is case insensitive; let me know if that's wrong.)
Also worth testing is whether crates.io has name length restrictions, as too long names could trigger similar situations.
@est31 while I'm fixing this, could you create an issue to investigate long names?
@carols10cents sure! #696
Staging deploy complete, deploying to production now.
Production deploy done, and crate removed from the index. Please open new issues for any other problems. Thanks!
This is covered by CWE-67 https://cwe.mitre.org/data/definitions/67.html and may need a CVE, I assume private Rust repos are a possibility?
Based on https://msdn.microsoft.com/en-us/library/aa578688.aspx you might want to avoid Various other sources confirm that for instance https://support.microsoft.com/en-us/help/74496/ms-dos-device-driver-names-cannot-be-used-as-file-names
@jpluimers crate names cannot contain either $ or :.
@withoutboats thanks.
In rust-lang#695 we added all the documented reserved Windows file names to the list of reserved crate names, to prevent people from registering crates named that way and breaking all Windows users in the process. Unfortunately it turns out that COM0 and LPT0 are *also* reserved on Windows systems, but they're not documented in Microsoft's docs. This PR adds both names to the reserved crate names list. Note that the migration here is a no-op on the production crates.io instance, as both names were manually added to the database before opening this PR.
Add COM0 and LPT0 to the list of reserved crate names

In #695 we added all the documented reserved Windows file names to the list of reserved crate names, to prevent people from registering crates named that way and breaking all Windows users in the process. Unfortunately it turns out that COM0 and LPT0 are *also* reserved on Windows systems, but they're not documented in Microsoft's docs. This PR adds both names to the reserved crate names list.

Note that the migration here is a no-op on the production crates.io instance, as both names were manually added to the database before opening this PR.

r? `@jtgeibel`
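An added example, not crates.io's own code, of the check that the two PRs above encode as a reserved-name list: a case-insensitive match against the documented Windows device names plus COM0 and LPT0. The function names `is_windows_reserved` and `reserved_in` are hypothetical, the sample names are constructed, and ignoring a file extension is an assumption taken from Microsoft's file naming guidance rather than from this thread.

```rust
// Added example: reject names that collide with Windows device names.
// Function names are hypothetical; the name set is the documented list
// (CON, PRN, AUX, NUL, COM1-9, LPT1-9) plus COM0 and LPT0 from the follow-up PR.

const DEVICE_NAMES: [&str; 4] = ["CON", "PRN", "AUX", "NUL"];
const NUMBERED_PREFIXES: [&str; 2] = ["COM", "LPT"];

/// True if `name` matches a reserved Windows device name.
pub fn is_windows_reserved(name: &str) -> bool {
    // Assumption: an extension does not make the name safe ("NUL.txt"),
    // so only the part before the first dot is compared.
    let stem = name.split('.').next().unwrap_or("");
    // Windows file names are case-insensitive, so compare in upper case.
    let upper = stem.to_ascii_uppercase();

    if DEVICE_NAMES.contains(&upper.as_str()) {
        return true;
    }
    // COM0-COM9 and LPT0-LPT9: prefix followed by exactly one ASCII digit.
    // strip_prefix avoids slicing by byte offset, which could panic on
    // non-ASCII input.
    NUMBERED_PREFIXES.iter().any(|prefix| {
        upper
            .strip_prefix(prefix)
            .map_or(false, |rest| rest.len() == 1 && rest.as_bytes()[0].is_ascii_digit())
    })
}

/// Returns the subset of `names` that must be refused, in input order.
pub fn reserved_in<'a>(names: &[&'a str]) -> Vec<&'a str> {
    names.iter().copied().filter(|n| is_windows_reserved(n)).collect()
}

fn main() {
    // Constructed sample of candidate crate names.
    let candidates = ["serde", "nul", "Com0", "console", "lpt9", "com10", "PRN"];
    for name in reserved_in(&candidates) {
        println!("refuse: {name}");
    }
}
```

A registry that stores the reserved names in a database table, as these PRs do, would run the equivalent comparison at publish time.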