
Bug#361740: liblua50-dev: symlink pointing to .

Justin Pryzby <justinpryzby@users.sourceforge.net> writes:
> On Sun, Apr 09, 2006 at 05:54:03PM -0700, Russ Allbery wrote:

>> Does grep -r follow symlinks?  That sounds kind of dangerous.

> It does, I just checked.  I'm not sure why it's dangerous, xargs in
> /tmp/ is dumb, and anywhere else you control and should be safe..

Well, because of exactly this.  Symlinks that create circular directory
structures are extremely common.  Not dangerous in the security
vulnerability sense, dangerous in the "this may not do what you expect and
be very slow and annoying while not doing it" sense.

> There is exactly one header file, and IMO packages should care enough
> about their dependencies to not do silly things to get a single file
> included.

It smells like a transitional measure, but I don't know for sure.  I see
that it was intentional:

 lua50  (5.0.2-3) unstable; urgency=low

   * Fold in a patch from Reuben Thomas, integrating the signal and error
     code from Fedora Core. Thanks Reuben.
   * Lintian cleanups (recursive symlink stays, sorry)

 -- Daniel Silverstone <dsilvers@debian.org>  Thu, 3 Jun 2004 14:35:00 -0300 

I do generally agree that it's not the best idea if there are other
solutions to the same problem, but I can see why one might arrive at this

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
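
The circular-structure case discussed in this message, as an added example that is not part of the original mail or of the lua50 package: a Python sketch that lists directory symlinks resolving to their own directory or to an ancestor, which is what sends a symlink-following recursive walk around in circles. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile


def find_looping_symlinks(root):
    """Return sorted (link, raw_target) pairs for directory symlinks under
    root that resolve to the link's own directory or one of its ancestors."""
    loops = []
    # followlinks=False: the walk itself never descends through a symlink,
    # so it terminates even on a tree that contains loops.
    for dirpath, dirnames, _ in os.walk(root, followlinks=False):
        here = os.path.realpath(dirpath)
        for name in dirnames:
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            target = os.path.realpath(link)
            # If the target is `here` or an ancestor of it, following the
            # link re-enters the directory that contains the link.
            if os.path.commonpath([here, target]) == target:
                loops.append((os.path.relpath(link, root), os.readlink(link)))
    return sorted(loops)


def build_sample_tree(base):
    """Constructed sample layout (hypothetical paths, not the real package)."""
    demo = os.path.join(base, "include", "demo")
    os.makedirs(demo)
    open(os.path.join(demo, "demo.h"), "w").close()
    os.symlink(".", os.path.join(demo, "demo"))    # symlink pointing to "."
    os.symlink("..", os.path.join(demo, "up"))     # symlink pointing to the parent
    os.symlink("demo", os.path.join(base, "include", "alias"))  # harmless sibling alias


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        for link, target in find_looping_symlinks(base):
            print(f"{link} -> {target}")
```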
