
Bug#555979: debian-policy: Symlinks pointing beyond the root of the file system


Russ Allbery

Nov 12, 2009, 7:50:01 PM

Package: debian-policy
Version: 3.8.3.0
Severity: wishlist

Lintian has a tag:

Tag: symlink-has-too-many-up-segments
Severity: serious
Certainty: certain
Ref: policy 10.5
Info: The symlink references a directory beyond the root directory "/".

for symlinks that contain so many ../ segments that they traverse above
the root of the file system. This tag is currently used by ftpmaster to
reject uploads, but this behavior is not explicitly prohibited by Policy
(although it violates both shoulds in 10.5).

-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.30-2-686-bigmem (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

debian-policy depends on no packages.

debian-policy recommends no packages.

Versions of packages debian-policy suggests:
ii doc-base 0.9.5 utilities to manage online documen

-- no debconf information

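A checker for the condition the report describes above (a relative symlink target with so many `../` segments that it resolves beyond `/`), as an added example that is not part of the bug report or of lintian's own code; the function names and the constructed sample tree are assumptions of this example:

```python
"""Detect package symlinks whose relative targets climb above '/'.
Added example, not lintian's own code: it checks the condition behind the
symlink-has-too-many-up-segments tag from the bug report, i.e. a relative
target with more '..' components than the link's directory depth."""
import os
import tempfile

def escapes_root(link_path, target):
    """True when the relative `target` of the symlink at `link_path` (absolute
    path inside the package) climbs above '/'. Absolute targets report False."""
    if target.startswith("/"):
        return False
    # Depth of the directory holding the link: /usr/share/doc/foo -> 4
    depth = len([c for c in os.path.dirname(link_path).split("/") if c])
    for component in target.split("/"):
        if component in ("", "."):
            continue  # '' (from '//') and '.' do not move
        if component == "..":
            depth -= 1
            if depth < 0:  # climbed past '/': this is what the lintian tag flags
                return True
        else:
            depth += 1  # a plain name descends one level
    return False

def scan_tree(root):
    """Walk an unpacked package tree (treating `root` as its '/') and return
    (link, target) pairs whose targets escape the root."""
    offending = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                rel = "/" + os.path.relpath(full, root)
                target = os.readlink(full)
                if escapes_root(rel, target):
                    offending.append((rel, target))
    return offending

def build_sample_tree():
    """Constructed sample tree: one link that exactly reaches '/' (allowed)
    and one that climbs past it (rejected by the check)."""
    root = tempfile.mkdtemp(prefix="pkgroot-")
    os.makedirs(os.path.join(root, "usr/share/doc/foo"))
    os.makedirs(os.path.join(root, "etc"))
    os.symlink("../../../../etc/foo.conf", os.path.join(root, "usr/share/doc/foo/ok"))
    os.symlink("../../tmp/x", os.path.join(root, "etc/bad"))  # depth 1, two '..'
    return root
```

Run `scan_tree` over an unpacked `.deb` (e.g. the output of `dpkg-deb -x`) to list the links ftpmaster's check would reject.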

Andrey Rahmatullin

Nov 22, 2014, 3:00:02 AM

Control: tags -1 + patch

On Thu, Nov 12, 2009 at 04:31:52PM -0800, Russ Allbery wrote:
> Lintian has a tag:
>
> Tag: symlink-has-too-many-up-segments
> Severity: serious
> Certainty: certain
> Ref: policy 10.5
> Info: The symlink references a directory beyond the root directory "/".
>
> for symlinks that contain so many ../ segments that they traverse above
> the root of the file system. This tag is currently used by ftpmaster to
> reject uploads, but this behavior is not explicitly prohibited by Policy
> (although it violates both shoulds in 10.5).

Here is a patch:

diff --git a/policy.sgml b/policy.sgml
index 6eac491..a582f60 100644
--- a/policy.sgml
+++ b/policy.sgml
@@ -8892,6 +8892,7 @@ fname () {
would point to <file>/srv/run</file> rather than the intended
target.
</footnote>
+ Symbolic links must not traverse above the root directory.
</p>

<p>
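Review bot: The sentence added after `</footnote>` says "must", which makes the requirement release-critical, yet neither the hunk nor its three context lines record why; if the intent is to codify the ftpmaster auto-reject that the bug report describes, say so in the changelog entry, otherwise "should" would match the two existing shoulds in 10.5 that the report cites. "Traverse above the root directory" is also left undefined in the visible text; consider stating that a relative target must not contain more `../` components than the directory depth of the link, which is the condition lintian's symlink-has-too-many-up-segments tag checks. Finally, with only a footnote close and a bare `</p>` as context the paragraph this lands in cannot be verified from the diff; regenerate it with more context, e.g. `diff -u6`.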



--
WBR, wRAR

Bill Allombert

Nov 22, 2014, 5:40:02 PM

Seconded.

(If I may give you a tip: when sending policy patches, consider using more context
lines (e.g. diff -u6); this makes the location of the change more obvious.)

Cheers,
--
Bill. <ball...@debian.org>

Imagine a large red swirl here.

Bill Allombert

Nov 23, 2014, 7:30:03 AM

On Sun, Nov 23, 2014 at 01:58:41AM +0000, Anthony Towns wrote:
> On Sat, Nov 22, 2014 at 12:39:44PM +0500, Andrey Rahmatullin wrote:
> > On Thu, Nov 12, 2009 at 04:31:52PM -0800, Russ Allbery wrote:
> > > Lintian has a tag:
> > > Tag: symlink-has-too-many-up-segments
> > > Severity: serious
>
> > + Symbolic links must not traverse above the root directory.
>
> This isn't listed in https://release.debian.org/jessie/rc_policy.txt
>
> I don't see any reason why it should be RC; so s/must/should/ IMO.

Is it your position that an issue that causes the FTP masters to reject the
package at upload time is not necessarily RC?

Cheers,
--
Bill. <ball...@debian.org>

Imagine a large red swirl here.


Jakub Wilk

Nov 23, 2014, 10:40:01 AM

* Andrey Rahmatullin <wr...@debian.org>, 2014-11-22, 12:39:
>--- a/policy.sgml
>+++ b/policy.sgml
>@@ -8892,6 +8892,7 @@ fname () {
> would point to <file>/srv/run</file> rather than the intended
> target.
> </footnote>
>+ Symbolic links must not traverse above the root directory.
> </p>

Seconded.

--
Jakub Wilk

Henrique de Moraes Holschuh

Nov 23, 2014, 10:50:02 AM

On Sun, 23 Nov 2014, Jakub Wilk wrote:
> * Andrey Rahmatullin <wr...@debian.org>, 2014-11-22, 12:39:
> >--- a/policy.sgml
> >+++ b/policy.sgml
> >@@ -8892,6 +8892,7 @@ fname () {
> > would point to <file>/srv/run</file> rather than the intended
> > target.
> > </footnote>
> >+ Symbolic links must not traverse above the root directory.
> > </p>
>
> Seconded.

Seconded as well.

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh

Anthony Towns

Nov 23, 2014, 5:50:02 PM

On Sun, Nov 23, 2014 at 01:25:50PM +0100, Bill Allombert wrote:
> On Sun, Nov 23, 2014 at 01:58:41AM +0000, Anthony Towns wrote:
> > On Sat, Nov 22, 2014 at 12:39:44PM +0500, Andrey Rahmatullin wrote:
> > > On Thu, Nov 12, 2009 at 04:31:52PM -0800, Russ Allbery wrote:
> > > > Lintian has a tag:
> > > > Tag: symlink-has-too-many-up-segments
> > > > Severity: serious
> >
> > > + Symbolic links must not traverse above the root directory.
> >
> > This isn't listed in https://release.debian.org/jessie/rc_policy.txt
> >
> > I don't see any reason why it should be RC; so s/must/should/ IMO.
>
> Is it your position that an issue that cause the FTP masters to reject the
> package at upload time is not necessarily RC ?

Yes; or more particularly, that FTP masters should reject packages with
any bug that's easy to fix and easy to detect with no (or very minimal)
false positives, whether it's RC or not.

Cheers,
aj

Bill Allombert

Jan 31, 2015, 6:50:03 PM

On Sun, Nov 23, 2014 at 01:44:02PM -0200, Henrique de Moraes Holschuh wrote:
> On Sun, 23 Nov 2014, Jakub Wilk wrote:
> > * Andrey Rahmatullin <wr...@debian.org>, 2014-11-22, 12:39:
> > >--- a/policy.sgml
> > >+++ b/policy.sgml
> > >@@ -8892,6 +8892,7 @@ fname () {
> > > would point to <file>/srv/run</file> rather than the intended
> > > target.
> > > </footnote>
> > >+ Symbolic links must not traverse above the root directory.
> > > </p>
> >
> > Seconded.
>
> Seconded. as well.

Hello,

Thanks for the seconds, I have committed this patch to the Git repository.

Anthony's objection about the "must" is not specific to this bug,
and the "must" is used in accordance with the usual practice of the policy
editors concerning auto-reject lintian errors, thus we cannot address it
here.

Cheers,
--
Bill. <ball...@debian.org>

Imagine a large red swirl here.

