Bug#787630: libstdc++6: unsafe rm -rf on pycache dir can wipe all filesystems

To: Bas van Sisseren <bas@quarantainenet.nl>, 787630@bugs.debian.org
Subject: Bug#787630: libstdc++6: unsafe rm -rf on __pycache__ dir can wipe all filesystems
From: Matthias Klose <doko@debian.org>
Date: Wed, 03 Jun 2015 20:09:28 +0200
Message-id: <[🔎] 556F42D8.5040906@debian.org>
Reply-to: Matthias Klose <doko@debian.org>, 787630@bugs.debian.org
In-reply-to: <[🔎] 556F0B97.4040905@quarantainenet.nl>
References: <[🔎] 556F0B97.4040905@quarantainenet.nl>

Control: severity -1 normal

On 06/03/2015 04:13 PM, Bas van Sisseren wrote:
> Package: libstdc++6
> Version: 5.1.1-9
> Severity: grave
> Justification: causes non-serious data loss
> 
> The postinst script of libstdc++6 attempts to remove all __pycache__ dirs
> from /usr/share/gcc-4.9/python, but doesn't do this in a secure way.
> 
> If you accidentally had created files in /usr/share/gcc-4.9/python with a
> space in the name, there is a possiblity that the package upgrade will
> trigger a 'rm -rf /'.

"If", no need to exaggerate the severity.

> The package upgrade also warns about non-existing /usr/share/gcc-4.9/python,
> when the dir does not exist.

fixed in the VCS.

Reply to:

References:
- Bug#787630: libstdc++6: unsafe rm -rf on __pycache__ dir can wipe all filesystems
  - From: Bas van Sisseren <bas@quarantainenet.nl>

Prev by Date: Results for 4.9.2 (Debian 4.9.2-20) testsuite on mipsel-unknown-linux-gnu
Next by Date: Processed: Re: Bug#787630: libstdc++6: unsafe rm -rf on __pycache__ dir can wipe all filesystems
Previous by thread: Bug#787630: libstdc++6: unsafe rm -rf on __pycache__ dir can wipe all filesystems
Next by thread: Processed: Re: Bug#787630: libstdc++6: unsafe rm -rf on __pycache__ dir can wipe all filesystems
Index(es):
- Date
- Thread

Bug#787630: libstdc++6: unsafe rm -rf on __pycache__ dir can wipe all filesystems

Bug#787630: libstdc++6: unsafe rm -rf on pycache dir can wipe all filesystems