Re: [Stable 7] CPIO breakage/

2010-06-18 Thread Sean Bruno
On Thu, 2010-06-17 at 15:13 -0700, Xin LI wrote:
 
 On 2010/06/17 13:53, Peter Jeremy wrote:
  On 2010-Jun-15 17:22:50 -0700, Xin LI delp...@delphij.net wrote:
  On 2010/06/15 17:05, Sean Bruno wrote:
  A little more background.  It looks like symlinks are getting stripped
  of their '/' which sucks.  Ideas?
  ...
  e.g. /home/foo/bar -> /opt/baz/blob
 
  becomes
 
  home/foo/bar -> opt/baz/blob
 
  Yuck.
 
  This is a security measurement I think.
  
  Can someone please explain how stripping a leading '/' off the
  destination of a symlink enhances security?  The destination is
  not being written to.
  
  --absolute-filenames disables this behavior.
  
  This definitely reduces security and would seem to be far more
  dangerous than being able to create symlinks to absolute pathnames.
 
 Sorry I have misunderstood the original issue.  It's the link target
 being mangled and doesn't seem right to me.  I'll ask the author about this.
 
 The attached patch should restore the old behavior.
 
 Cheers,
 -- 
 Xin LI delp...@delphij.net  http://www.delphij.net/
 FreeBSD - The Power to Serve!Live free or die



Yep, *this* patch seems to make things much happier.  I'll integrate
cpio 2.8 back into the Yahoo tree when this is merged in.  

Thanks for your patience and work on -stable.

Sean

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org


Re: [Stable 7] CPIO breakage/

2010-06-18 Thread Xin LI

On 2010/06/18 10:51, Sean Bruno wrote:
 On Thu, 2010-06-17 at 15:13 -0700, Xin LI wrote:

 On 2010/06/17 13:53, Peter Jeremy wrote:
 On 2010-Jun-15 17:22:50 -0700, Xin LI delp...@delphij.net wrote:
 On 2010/06/15 17:05, Sean Bruno wrote:
 A little more background.  It looks like symlinks are getting stripped
 of their '/' which sucks.  Ideas?
 ...
 e.g. /home/foo/bar -> /opt/baz/blob

 becomes

 home/foo/bar -> opt/baz/blob

 Yuck.

 This is a security measurement I think.

 Can someone please explain how stripping a leading '/' off the
 destination of a symlink enhances security?  The destination is
 not being written to.

 --absolute-filenames disables this behavior.

 This definitely reduces security and would seem to be far more
 dangerous than being able to create symlinks to absolute pathnames.

 Sorry I have misunderstood the original issue.  It's the link target
 being mangled and doesn't seem right to me.  I'll ask the author about this.

 The attached patch should restore the old behavior.

 Cheers,
 -- 
 Xin LI delp...@delphij.net http://www.delphij.net/
 FreeBSD - The Power to Serve!   Live free or die
 
 Yep, *this* patch seems to make things much happier.  I'll integrate
 cpio 2.8 back into the Yahoo tree when this is merged in.  

Thanks for testing, I have committed the patch as r209311 and sorry for
the breakage.

Cheers,
-- 
Xin LI delp...@delphij.net    http://www.delphij.net/
FreeBSD - The Power to Serve!  Live free or die


Re: [Stable 7] CPIO breakage/

2010-06-17 Thread Peter Jeremy
On 2010-Jun-15 17:22:50 -0700, Xin LI delp...@delphij.net wrote:
On 2010/06/15 17:05, Sean Bruno wrote:
 A little more background.  It looks like symlinks are getting stripped
 of their '/' which sucks.  Ideas?
...
 e.g. /home/foo/bar -> /opt/baz/blob
 
 becomes
 
 home/foo/bar -> opt/baz/blob
 
 Yuck.

This is a security measurement I think.

Can someone please explain how stripping a leading '/' off the
destination of a symlink enhances security?  The destination is
not being written to.

--absolute-filenames disables this behavior.

This definitely reduces security and would seem to be far more
dangerous than being able to create symlinks to absolute pathnames.

-- 
Peter Jeremy




Re: [Stable 7] CPIO breakage/

2010-06-17 Thread Sean
On 18/06/2010 6:53 AM, Peter Jeremy wrote:
 On 2010-Jun-15 17:22:50 -0700, Xin LI delp...@delphij.net wrote:
 On 2010/06/15 17:05, Sean Bruno wrote:
 A little more background.  It looks like symlinks are getting stripped
 of their '/' which sucks.  Ideas?
 ...
 e.g. /home/foo/bar -> /opt/baz/blob

 becomes

 home/foo/bar -> opt/baz/blob

 Yuck.

 This is a security measurement I think.
 
 Can someone please explain how stripping a leading '/' off the
 destination of a symlink enhances security?  The destination is
 not being written to.
 


Easy.
Create a symlink etc, to /etc
Create a file etc/passwd containing whatever you want.


Of course, a better way to deal with that is to chroot, seeing you could
probably use ../../../../../../../../../../../../.../../../../etc
instead of /etc and get the same effect, and I don't know that tar tries
to prevent that; tar has the --chroot option.

 --absolute-filenames disables this behavior.
 
 This definitely reduces security and would seem to be far more
 dangerous than being able to create symlinks to absolute pathnames.
 


-- 
Sean Winn
s...@gothic.net.au
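
The sequence described in the message above (a symlink member, then a member named beneath it), checked from the extracting side before anything is written. This is an added example, not part of the original thread and not cpio or tar code; it uses Python's tarfile on a constructed in-memory archive, and the function names and every sample member other than etc -> /etc and etc/passwd are assumptions.

```python
import io
import posixpath
import tarfile


def build_sample_archive():
    """Constructed sample (not from the thread): symlinks, then files beneath them."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, target in (("etc", "/etc"),
                             ("up", "../../outside"),
                             ("docs/cur", "v1")):
            link = tarfile.TarInfo(name)
            link.type = tarfile.SYMTYPE
            link.linkname = target
            tar.addfile(link)
        for name in ("etc/passwd", "up/file", "docs/cur/notes", "docs/v1/readme"):
            data = b"constructed\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


def escapes_root(link_name, target):
    """True if a symlink at link_name with this target points outside the
    extraction root, either absolutely or through enough '../' components."""
    if target.startswith("/"):
        return True
    resolved = posixpath.normpath(
        posixpath.join(posixpath.dirname(link_name), target))
    return resolved == ".." or resolved.startswith("../")


def audit(fileobj):
    """Return (member, via_link, link_target, escapes) for every member whose
    path passes through a symlink declared earlier in the same archive."""
    links = {}      # normalized symlink path -> target, in archive order
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r") as tar:
        for member in tar:
            path = posixpath.normpath(member.name).lstrip("/")
            parts = path.split("/")
            # Check every proper prefix of the member's path.
            for i in range(1, len(parts)):
                prefix = "/".join(parts[:i])
                if prefix in links:
                    target = links[prefix]
                    findings.append(
                        (path, prefix, target, escapes_root(prefix, target)))
                    break
            if member.issym():
                links[path] = member.linkname
    return findings


if __name__ == "__main__":
    for member, via, target, escapes in audit(build_sample_archive()):
        verdict = "ESCAPES ROOT" if escapes else "stays inside"
        print(f"{member}: written through {via} -> {target} ({verdict})")
```

The check keys on members that are written through an archive-supplied link, so a '../' target is caught the same way as an absolute one; refusing those members, or extracting inside a chroot as the message suggests, does not depend on rewriting link targets.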


Re: [Stable 7] CPIO breakage/

2010-06-17 Thread Xin LI

On 2010/06/17 13:53, Peter Jeremy wrote:
 On 2010-Jun-15 17:22:50 -0700, Xin LI delp...@delphij.net wrote:
 On 2010/06/15 17:05, Sean Bruno wrote:
 A little more background.  It looks like symlinks are getting stripped
 of their '/' which sucks.  Ideas?
 ...
 e.g. /home/foo/bar -> /opt/baz/blob

 becomes

 home/foo/bar -> opt/baz/blob

 Yuck.

 This is a security measurement I think.
 
 Can someone please explain how stripping a leading '/' off the
 destination of a symlink enhances security?  The destination is
 not being written to.
 
 --absolute-filenames disables this behavior.
 
 This definitely reduces security and would seem to be far more
 dangerous than being able to create symlinks to absolute pathnames.

Sorry I have misunderstood the original issue.  It's the link target
being mangled and doesn't seem right to me.  I'll ask the author about this.

The attached patch should restore the old behavior.

Cheers,
-- 
Xin LI delp...@delphij.net    http://www.delphij.net/
FreeBSD - The Power to Serve!  Live free or die
Index: contrib/cpio/src/copyout.c
===
--- contrib/cpio/src/copyout.c  (revision 209216)
+++ contrib/cpio/src/copyout.c  (working copy)
@@ -836,9 +836,6 @@ process_copy_out ()
continue;
  }
link_name[link_size] = 0;
-   cpio_safer_name_suffix (link_name, false,
-   abs_paths_flag, true);
-   link_size = strlen (link_name);
file_hdr.c_filesize = link_size;
if (archive_format == arf_tar || archive_format == arf_ustar)
  {
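Review bot: with the cpio_safer_name_suffix (link_name, ...) call removed from process_copy_out, the link target is written exactly as read and abs_paths_flag no longer has any effect on it, but nothing in the code records that this is deliberate. Please add a short comment above "file_hdr.c_filesize = link_size;" saying the target is stored unmodified on purpose, so a later vendor import does not quietly bring the rewrite back. Dropping "link_size = strlen (link_name);" is consistent with that, since link_size is still the value used for "link_name[link_size] = 0;".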
Index: contrib/cpio/src/util.c
===
--- contrib/cpio/src/util.c (revision 209216)
+++ contrib/cpio/src/util.c (working copy)
@@ -1252,8 +1252,25 @@ stat_to_cpio (struct cpio_file_stat *hdr, struct s
   hdr-c_uid = CPIO_UID (st-st_uid);
   hdr-c_gid = CPIO_GID (st-st_gid);
   hdr-c_nlink = st-st_nlink;
-  hdr-c_rdev_maj = major (st-st_rdev);
-  hdr-c_rdev_min = minor (st-st_rdev);
+
+  switch (hdr-c_mode  CP_IFMT)
+  {
+case CP_IFBLK:
+case CP_IFCHR:
+#ifdef CP_IFIFO
+case CP_IFIFO:
+#endif
+#ifdef CP_IFSOCK
+case CP_IFSOCK:
+#endif
+  hdr-c_rdev_maj = major (st-st_rdev);
+  hdr-c_rdev_min = minor (st-st_rdev);
+  break;
+default:
+  hdr-c_rdev_maj = 0;
+  hdr-c_rdev_min = 0;
+  break;
+  }
   hdr-c_mtime = st-st_mtime;
   hdr-c_filesize = st-st_size;
   hdr-c_chksum = 0;
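Review bot: the new switch in stat_to_cpio keeps major/minor for CP_IFIFO and CP_IFSOCK as well as CP_IFBLK and CP_IFCHR, and nothing here says why FIFOs and sockets should carry a device number. Either add a comment giving the reason, or let those two cases fall to the default branch so that only device nodes set c_rdev_maj and c_rdev_min and everything else gets 0.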

Re: [Stable 7] CPIO breakage/

2010-06-17 Thread Sean

On 18/06/2010, at 8:02 AM, Leif Walsh wrote:

 On Thu, Jun 17, 2010 at 2:54 PM, Sean s...@gothic.net.au wrote:
 Easy.
 Create a symlink etc, to /etc
 Create a file etc/passwd containing whatever you want.
 
 This could be an artifact of coming from the Linux world and knowing
 little about the BSD kernel (and I should probably lurk a bit longer
 before posting on a new list), but wouldn't the symlink resolve and
 result in a totally new chain of lookup/permissions calls?  I don't
 see how making a symlink to a location allows you to change the
 permissions of that location just by changing the permissions of the
 symlink.
 

It only works if the user extracting already has permission to write there 
anyway. It's a means of taking advantage of a privileged user who extracts the 
tar.


 -- 
 Cheers,
 Leif



Re: [Stable 7] CPIO breakage/

2010-06-17 Thread Leif Walsh
On Thu, Jun 17, 2010 at 2:54 PM, Sean s...@gothic.net.au wrote:
 Easy.
 Create a symlink etc, to /etc
 Create a file etc/passwd containing whatever you want.

This could be an artifact of coming from the Linux world and knowing
little about the BSD kernel (and I should probably lurk a bit longer
before posting on a new list), but wouldn't the symlink resolve and
result in a totally new chain of lookup/permissions calls?  I don't
see how making a symlink to a location allows you to change the
permissions of that location just by changing the permissions of the
symlink.

-- 
Cheers,
Leif


Re: [Stable 7] CPIO breakage/

2010-06-17 Thread Leif Walsh
On Thu, Jun 17, 2010 at 3:29 PM, Sean s...@gothic.net.au wrote:
 It only works if the user extracting already has permission to write there 
 anyway. It's a means of taking advantage of a privileged user who extracts 
 the tar.

Bah, you're right.

-- 
Cheers,
Leif


Re: [Stable 7] CPIO breakage/

2010-06-16 Thread Doug Barton

On 06/15/10 22:53, Daniel Braniss wrote:

A similar 'security feature' was introduced some time ago, which 'silently'
broke firefox installation, it refused to allow symlinks in destination
directory, of course the error was ignored by 'make install' so it took
some time later to find out that nothing was installed - my /usr/local is
symlinked. The solution was to 'fix' cpio to behave as before, since adding
the ignore-symlinks feature to firefox's makefile was beyond me:-)


I'm sorry to hear that you had problems with this, but I'd like to take 
this opportunity to make a plea that when you (pl.) run into problems 
like this that you report them when they happen. I know that after 
taking time to track down problems the last thing you want to do is take 
MORE time to report them, but the 5 minutes you spend reporting it today 
can save hours for other users down the road.



Doug

--

... and that's just a little bit of history repeating.
-- Propellerheads

Improve the effectiveness of your Internet presence with
a domain name makeover!http://SupersetSolutions.com/



Re: [Stable 7] CPIO breakage/

2010-06-16 Thread Sean Bruno
On Tue, 2010-06-15 at 16:30 -0700, Xin LI wrote:
 
 Hi, Sean,
 
 On 2010/06/15 15:10, Sean Bruno wrote:
  http://svn.freebsd.org/viewvc/base?limit_changes=0&view=revision&revision=208361
  
  I'm not sure what's up with this update, but it hosed up the default
  behavior of cpio.
 [...]
  We've had to revert this change from our local tree, suggestions?
 
 Could you please test the attached patch?
 
 Cheers,
 -- 
 Xin LI delp...@delphij.net  http://www.delphij.net/

Xin:

I will test it in the morning after my latest builds go out the door.
Thank you for the update and quick response.

Sean



Re: [Stable 7] CPIO breakage/

2010-06-16 Thread Sean Bruno
On Tue, 2010-06-15 at 16:30 -0700, Xin LI wrote:
 
 Hi, Sean,
 
 On 2010/06/15 15:10, Sean Bruno wrote:
  http://svn.freebsd.org/viewvc/base?limit_changes=0&view=revision&revision=208361
  
  I'm not sure what's up with this update, but it hosed up the default
  behavior of cpio.
 [...]
  We've had to revert this change from our local tree, suggestions?
 
 Could you please test the attached patch?
 
 Cheers,
 -- 
 Xin LI delp...@delphij.net  http://www.delphij.net/

Didn't get to this today, I'll try again tomorrow.

sean




Re: [Stable 7] CPIO breakage/

2010-06-15 Thread Xin LI

Hi, Sean,

On 2010/06/15 15:10, Sean Bruno wrote:
 http://svn.freebsd.org/viewvc/base?limit_changes=0&view=revision&revision=208361
 
 I'm not sure what's up with this update, but it hosed up the default
 behavior of cpio.
[...]
 We've had to revert this change from our local tree, suggestions?

Could you please test the attached patch?

Cheers,
-- 
Xin LI delp...@delphij.net    http://www.delphij.net/
FreeBSD - The Power to Serve!  Live free or die
Index: contrib/cpio/src/util.c
===
--- contrib/cpio/src/util.c (revision 209216)
+++ contrib/cpio/src/util.c (working copy)
@@ -1252,8 +1252,25 @@ stat_to_cpio (struct cpio_file_stat *hdr, struct s
   hdr-c_uid = CPIO_UID (st-st_uid);
   hdr-c_gid = CPIO_GID (st-st_gid);
   hdr-c_nlink = st-st_nlink;
-  hdr-c_rdev_maj = major (st-st_rdev);
-  hdr-c_rdev_min = minor (st-st_rdev);
+
+  switch (hdr-c_mode  CP_IFMT)
+  {
+case CP_IFBLK:
+case CP_IFCHR:
+#ifdef CP_IFIFO
+case CP_IFIFO:
+#endif
+#ifdef CP_IFSOCK
+case CP_IFSOCK:
+#endif
+  hdr-c_rdev_maj = major (st-st_rdev);
+  hdr-c_rdev_min = minor (st-st_rdev);
+  break;
+default:
+  hdr-c_rdev_maj = 0;
+  hdr-c_rdev_min = 0;
+  break;
+  }
   hdr-c_mtime = st-st_mtime;
   hdr-c_filesize = st-st_size;
   hdr-c_chksum = 0;
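Review bot: the switch tests hdr's c_mode, yet the context lines of this hunk only show c_uid, c_gid and c_nlink being filled in ahead of it. Please confirm c_mode is assigned earlier in stat_to_cpio, or switch on st's st_mode so the test does not depend on assignment order. A regression test that archives a directory whose st_rdev is large, matching the ./dev and ./proc "minor number would be truncated" failures reported in this thread, would also be worth adding.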

Re: [Stable 7] CPIO breakage/

2010-06-15 Thread Sean Bruno
On Tue, 2010-06-15 at 17:10 -0500, Sean Bruno wrote:
 http://svn.freebsd.org/viewvc/base?limit_changes=0&view=revision&revision=208361
 
 I'm not sure what's up with this update, but it hosed up the default
 behavior of cpio.
 
 It appears now that -o won't do the same things that it used to:
 
 + cd /
 + find -x .
 + egrep -v '^\.(/snap|/usr/sup|/boot/kernel/kernel
 \.[[:alpha:]_]+\.[[:digit:]]+|/boot/kernel/kernel
 \.old|/etc/start_if.*|/etc/ssh/ssh_host_.*key|/etc/hostid|/etc/(master.passwd|passwd|spwd.db|pwd.db))'
 + '[' -n '' ']'
 + '[' 7 = 4 ']'
 + '[' -n '' -a -z '' ']'
 + '[' -n /home/backup ']'
 + echo 'dumping / ...'
 dumping / ...
 + cpio -o --quiet --format crc -O /home/backup/root.amd64.cpio
 cpio: ./dev not dumped: minor number would be truncated
 cpio: Removing leading `/' from member names
 cpio: ./proc not dumped: minor number would be truncated
 cpio: Removing leading `../' from member names
 
 We've had to revert this change from our local tree, suggestions?
 
 Sean


A little more background.  It looks like symlinks are getting stripped
of their '/' which sucks.  Ideas?

Sean

e.g. /home/foo/bar -> /opt/baz/blob

becomes

home/foo/bar -> opt/baz/blob

Yuck.






Re: [Stable 7] CPIO breakage/

2010-06-15 Thread Xin LI

On 2010/06/15 17:05, Sean Bruno wrote:
 On Tue, 2010-06-15 at 17:10 -0500, Sean Bruno wrote:
 http://svn.freebsd.org/viewvc/base?limit_changes=0&view=revision&revision=208361

 I'm not sure what's up with this update, but it hosed up the default
 behavior of cpio.

 It appears now that -o won't do the same things that it used to:

 + cd /
 + find -x .
 + egrep -v '^\.(/snap|/usr/sup|/boot/kernel/kernel
 \.[[:alpha:]_]+\.[[:digit:]]+|/boot/kernel/kernel
 \.old|/etc/start_if.*|/etc/ssh/ssh_host_.*key|/etc/hostid|/etc/(master.passwd|passwd|spwd.db|pwd.db))'
 + '[' -n '' ']'
 + '[' 7 = 4 ']'
 + '[' -n '' -a -z '' ']'
 + '[' -n /home/backup ']'
 + echo 'dumping / ...'
 dumping / ...
 + cpio -o --quiet --format crc -O /home/backup/root.amd64.cpio
 cpio: ./dev not dumped: minor number would be truncated
 cpio: Removing leading `/' from member names
 cpio: ./proc not dumped: minor number would be truncated
 cpio: Removing leading `../' from member names

 We've had to revert this change from our local tree, suggestions?

 Sean
 
 
 A little more background.  It looks like symlinks are getting stripped
 of their '/' which sucks.  Ideas?
 
 Sean
 
 e.g. /home/foo/bar -> /opt/baz/blob
 
 becomes
 
 home/foo/bar -> opt/baz/blob
 
 Yuck.

This is a security measurement I think.

--absolute-filenames disables this behavior.

Cheers,
-- 
Xin LI delp...@delphij.net    http://www.delphij.net/
FreeBSD - The Power to Serve!  Live free or die


Re: [Stable 7] CPIO breakage/

2010-06-15 Thread Scott Long
On Jun 15, 2010, at 6:22 PM, Xin LI wrote:
 
 On 2010/06/15 17:05, Sean Bruno wrote:
 On Tue, 2010-06-15 at 17:10 -0500, Sean Bruno wrote:
 http://svn.freebsd.org/viewvc/base?limit_changes=0&view=revision&revision=208361
 
 I'm not sure what's up with this update, but it hosed up the default
 behavior of cpio.
 
 It appears now that -o won't do the same things that it used to:
 
 + cd /
 + find -x .
 + egrep -v '^\.(/snap|/usr/sup|/boot/kernel/kernel
 \.[[:alpha:]_]+\.[[:digit:]]+|/boot/kernel/kernel
 \.old|/etc/start_if.*|/etc/ssh/ssh_host_.*key|/etc/hostid|/etc/(master.passwd|passwd|spwd.db|pwd.db))'
 + '[' -n '' ']'
 + '[' 7 = 4 ']'
 + '[' -n '' -a -z '' ']'
 + '[' -n /home/backup ']'
 + echo 'dumping / ...'
 dumping / ...
 + cpio -o --quiet --format crc -O /home/backup/root.amd64.cpio
 cpio: ./dev not dumped: minor number would be truncated
 cpio: Removing leading `/' from member names
 cpio: ./proc not dumped: minor number would be truncated
 cpio: Removing leading `../' from member names
 
 We've had to revert this change from our local tree, suggestions?
 
 Sean
 
 
 A little more background.  It looks like symlinks are getting stripped
 of their '/' which sucks.  Ideas?
 
 Sean
 
 e.g. /home/foo/bar -> /opt/baz/blob
 
 becomes
 
 home/foo/bar -> opt/baz/blob
 
 Yuck.
 
 This is a security measurement I think.
 
 --absolute-filenames disables this behavior.

This is exactly the kind of stuff that was supposed to be avoided in stable 
branches.  Your import of cpio cost us several days of debugging.

Scott



Re: [Stable 7] CPIO breakage/

2010-06-15 Thread Daniel Braniss
 
 On 2010/06/15 17:05, Sean Bruno wrote:
  On Tue, 2010-06-15 at 17:10 -0500, Sean Bruno wrote:
  http://svn.freebsd.org/viewvc/base?limit_changes=0&view=revision&revision=208361
 
  I'm not sure what's up with this update, but it hosed up the default
  behavior of cpio.
 
  It appears now that -o won't do the same things that it used to:
 
  + cd /
  + find -x .
  + egrep -v '^\.(/snap|/usr/sup|/boot/kernel/kernel
  \.[[:alpha:]_]+\.[[:digit:]]+|/boot/kernel/kernel
  \.old|/etc/start_if.*|/etc/ssh/ssh_host_.*key|/etc/hostid|/etc/(master.passwd|passwd|spwd.db|pwd.db))'
  + '[' -n '' ']'
  + '[' 7 = 4 ']'
  + '[' -n '' -a -z '' ']'
  + '[' -n /home/backup ']'
  + echo 'dumping / ...'
  dumping / ...
  + cpio -o --quiet --format crc -O /home/backup/root.amd64.cpio
  cpio: ./dev not dumped: minor number would be truncated
  cpio: Removing leading `/' from member names
  cpio: ./proc not dumped: minor number would be truncated
  cpio: Removing leading `../' from member names
 
  We've had to revert this change from our local tree, suggestions?
 
  Sean
  
  
  A little more background.  It looks like symlinks are getting stripped
  of their '/' which sucks.  Ideas?
  
  Sean
  
  e.g. /home/foo/bar -> /opt/baz/blob
  
  becomes
  
  home/foo/bar -> opt/baz/blob
  
  Yuck.
 
 This is a security measurement I think.
 
 --absolute-filenames disables this behavior.

A similar 'security feature' was introduced some time ago, which 'silently'
broke firefox installation, it refused to allow symlinks in destination
directory, of course the error was ignored by 'make install' so it took
some time later to find out that nothing was installed - my /usr/local is 
symlinked. The solution was to 'fix' cpio to behave as before, since adding
the ignore-symlinks feature to firefox's makefile was beyond me :-)

danny

