From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:470:142:3::10]:32979)
 by lists.gnu.org with esmtp (Exim 4.86_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1hnWtX-0000F1-Dy
 for guix-patches@gnu.org; Tue, 16 Jul 2019 19:30:04 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1hnWtW-0004p9-GL
 for guix-patches@gnu.org; Tue, 16 Jul 2019 19:30:03 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:42491)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1hnWtW-0004ov-C0
 for guix-patches@gnu.org; Tue, 16 Jul 2019 19:30:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1hnWtW-0003c9-3L
 for guix-patches@gnu.org; Tue, 16 Jul 2019 19:30:02 -0400
Subject: [bug#36699] [PATCH 4/4] channels: Reject directories with '..' in
 '.guix-channel' file.
Resent-Message-ID: <handler.36699.B36699.156331978913854@debbugs.gnu.org>
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
References: <20190716232433.16789-1-ludo@gnu.org>
 <20190716232433.16789-4-ludo@gnu.org>
Date: Wed, 17 Jul 2019 01:29:39 +0200
In-Reply-To: <20190716232433.16789-4-ludo@gnu.org> ("Ludovic
 \=\?utf-8\?Q\?Cou\?\= \=\?utf-8\?Q\?rt\=C3\=A8s\=22's\?\=
 message of "Wed, 17 Jul 2019 01:24:33 +0200")
Message-ID: <87blxteexo.fsf@gnu.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: 36699@debbugs.gnu.org

Ludovic Court=C3=A8s <ludo@gnu.org> skribis:

> +  (define (sane-directory directory)
> +    ;; If DIRECTORY contains '..', raise an error; otherwise return it.
> +    (when (member ".." (string-split directory #\/))
> +      (raise (condition
> +              (&message (message "channel sub-directory must not contain=
 '..'"))
> +              (&error-location (location location)))))
> +    directory)

On second thought, it=E2=80=99s probably kind of useless since the only pla=
ce
where =E2=80=98directory=E2=80=99 is used is in the derivation that builds =
the channel,
which is normally running in a chroot:

  (let* ((subdir #$directory)
         (source (string-append #$source subdir)))
    (compile-files source go (find-files source "\\.scm$"))
    (mkdir-p (dirname scm))
    (symlink (string-append #$source subdir) scm))

So I guess we can drop this patch.  Thoughts?

Ludo=E2=80=99.