Bug#787630: libstdc++6: unsafe rm -rf on __pycache__ dir can wipe all filesystems
Control: severity -1 normal
On 06/03/2015 04:13 PM, Bas van Sisseren wrote:
> Package: libstdc++6
> Version: 5.1.1-9
> Severity: grave
> Justification: causes non-serious data loss
>
> The postinst script of libstdc++6 attempts to remove all __pycache__ dirs
> from /usr/share/gcc-4.9/python, but doesn't do this in a secure way.
>
> If you accidentally had created files in /usr/share/gcc-4.9/python with a
> space in the name, there is a possibility that the package upgrade will
> trigger a 'rm -rf /'.
"If", no need to exaggerate the severity.
> The package upgrade also warns about non-existing /usr/share/gcc-4.9/python,
> when the dir does not exist.
fixed in the VCS.
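
The two points in the report (whitespace-unsafe removal, and a warning when the directory is absent), as an added example that is not the package's postinst script, which this thread does not quote. The unquoted command substitution in `unsafe_args` is an assumed illustration of this class of bug, and all function names and the sample tree are constructed for the example.

```shell
#!/bin/sh
# Constructed sample tree (not from the bug report): one __pycache__ below a
# directory whose name contains a space, plus a file that must survive.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/py/my dir/__pycache__"
    : > "$root/py/my dir/keep.py"
    printf '%s\n' "$root"
}

# Prints, one per line, the words an unquoted $(find ...) would hand to rm.
# Nothing is deleted here; this only makes the word splitting visible.
unsafe_args() {
    dir=$1
    [ -d "$dir" ] || return 0
    # Deliberately unquoted: the shell splits find's output on whitespace,
    # so one path with a space becomes several unrelated arguments.
    set -- $(find "$dir" -name __pycache__)
    for word in "$@"; do
        printf '%s\n' "$word"
    done
}

# Whitespace-safe cleanup: find passes each match to rm as a single argument,
# "--" ends option parsing, and -depth visits contents before the directory.
clean_pycache() {
    dir=$1
    # An absent directory means there is nothing to clean: no warning, no error.
    [ -d "$dir" ] || return 0
    find "$dir" -depth -type d -name __pycache__ -exec rm -rf -- {} +
}
```

On the sample tree, `unsafe_args` reports two words for the single directory `py/my dir/__pycache__`, neither of which is the path that was meant to be removed.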