Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Reserve windows crate names. #695

Merged

Conversation

withoutboats
Copy link
Contributor

@withoutboats withoutboats commented Apr 30, 2017

These names will break cargo on windows machines if uploaded to
the registry.

These names will break cargo on windows machines if uploaded to
the registry.
@withoutboats
Copy link
Contributor Author

withoutboats commented Apr 30, 2017

NOTE: I do not have a working dev environment for crates.io and I have NOT tested these migrations.

@withoutboats
Copy link
Contributor Author

withoutboats commented Apr 30, 2017

(also I believe crates.io's namespace is case insensitive let me know if that's wrong)

@est31
Copy link

est31 commented Apr 30, 2017

Also worth testing is whether crates.io has name length restrictions, as too long names could trigger similar situations.

@carols10cents carols10cents merged commit f1e4e4d into rust-lang:master Apr 30, 2017
@carols10cents
Copy link
Member

carols10cents commented Apr 30, 2017

@est31 while i'm fixing this, could you create an issue to investigate long names?

@est31
Copy link

est31 commented Apr 30, 2017

@carols10cents sure! #696

@carols10cents
Copy link
Member

carols10cents commented Apr 30, 2017

Staging deploy complete, deploying to production now.

@carols10cents
Copy link
Member

carols10cents commented Apr 30, 2017

Production deploy done, and crate removed from the index. Please open new issues for any other problems. Thanks!

@kurtseifried
Copy link

kurtseifried commented May 10, 2017

This is covered by CWE-67 https://cwe.mitre.org/data/definitions/67.html and may need a CVE, I assume private rust repos are a possibility?

@jpluimers
Copy link

jpluimers commented May 14, 2017

Based on https://msdn.microsoft.com/en-us/library/aa578688.aspx you might want to avoid CLOCK$ and drive letters like A: as well.

Various other sources confirm that for instance https://support.microsoft.com/en-us/help/74496/ms-dos-device-driver-names-cannot-be-used-as-file-names

@withoutboats
Copy link
Contributor Author

withoutboats commented May 14, 2017

@jpluimers crate names cannot contain either $ or :.

@jpluimers
Copy link

jpluimers commented May 15, 2017

@withoutboats thanks.

pietroalbini added a commit to pietroalbini/crates.io that referenced this pull request Feb 10, 2021
In rust-lang#695 we added all the documented reserved Windows file names to the
list of reserved crate names, to prevent people from registering crates
named that way and breaking all Windows users in the process.

Unfortunately it turns out that COM0 and LPT0 are *also* reserved on
Windows systems, but they're not documented in Microsoft's docs. This PR
adds both names to the reserved crate names list.

Note that the migration here is a no-op on the production crates.io
instance, as both names were manually added to the database before
opening this PR.
pietroalbini added a commit to pietroalbini/crates.io that referenced this pull request Feb 10, 2021
In rust-lang#695 we added all the documented reserved Windows file names to the
list of reserved crate names, to prevent people from registering crates
named that way and breaking all Windows users in the process.

Unfortunately it turns out that COM0 and LPT0 are *also* reserved on
Windows systems, but they're not documented in Microsoft's docs. This PR
adds both names to the reserved crate names list.

Note that the migration here is a no-op on the production crates.io
instance, as both names were manually added to the database before
opening this PR.
bors added a commit that referenced this pull request Feb 13, 2021
Add COM0 and LPT0 to the list of reserved crate names

In #695 we added all the documented reserved Windows file names to the list of reserved crate names, to prevent people from registering crates named that way and breaking all Windows users in the process.

Unfortunately it turns out that COM0 and LPT0 are *also* reserved on Windows systems, but they're not documented in Microsoft's docs. This PR adds both names to the reserved crate names list.

Note that the migration here is a no-op on the production crates.io instance, as both names were manually added to the database before opening this PR.

r? `@jtgeibel`
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

5 participants