Quoting Niels Thykier (ni...@thykier.net): > Ok, are we guaranteed that pcgpath ends with the path separator? Consider:
No in fact I think we're guaranteed it won't. > "/foo/bar" > "/foo/bar2/somewhere-else" > > Unless the path separator is included in the end (i.e. it always uses > "/foo/bar/" instead of "/foo/bar"), then it might still be possible to > by-pass the prefix test. Indeed it will, thanks! I'm going to write a patch which commonizes the checks and takes care of this case. I'll get it into the next release and send a patch for jessie tonight or tomorrow. Note that ownership checks still apply, so the task in /foo/bar could only affect /foo/bar2 if it owns /foo/bar2. Or if it is root, but root in a privileged container will be locked under /lxc/$container. So this should be less urgent than the larger fix already addressed. -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150212004810.GD8471@ubuntumail
