Bug#361740: liblua50-dev: symlink pointing to .
On Sun, Apr 09, 2006 at 06:23:00PM -0700, Russ Allbery wrote:
> Justin Pryzby <justinpryzby@users.sourceforge.net> writes:
> > On Sun, Apr 09, 2006 at 05:54:03PM -0700, Russ Allbery wrote:
>
> >> Does grep -r follow symlinks? That sounds kind of dangerous.
>
> > It does, I just checked. I'm not sure why it's dangerous, xargs in
> > /tmp/ is dumb, and anywhere else you control and should be safe..
>
> Well, because of exactly this. Symlinks that create circular directory
> structures are extremely common. Not dangerous in the security
> vulnerability sense, dangerous in the "this may not do what you expect and
> be very slow and annoying while not doing it" sense.
>
> > There is exactly one header file, and IMO packages should care enough
> > about their dependencies to not do silly things to get a single file
> > included.
>
> It smells like a transitional measure, but I don't know for sure. I see
> that it was intentional:
>
> lua50 (5.0.2-3) unstable; urgency=low
>
> * Fold in a patch from Reuben Thomas, integrating the signal and error
> code from Fedora Core. Thanks Reuben.
> * Lintian cleanups (recursive symlink stays, sorry)
>
> -- Daniel Silverstone <dsilvers@debian.org> Thu, 3 Jun 2004 14:35:00 -0300
Damn, I looked for this and bet I saw it too, but ignored it because
it m/^Lintian/..
I can see that it wont go away easily, since there are ~50 depending
packages, any of which might be including strangely named files..
Reply to: