[darcs-devel] [issue2035] darcs accepts fake subpaths (relative paths outside of the repo)

Eric Kow bugs at darcs.net
Wed Jan 19 15:40:24 UTC 2011


New submission from Eric Kow <kowey at darcs.net>:

This bug was reported on 2010-12-11.  We've done some diagnostics, 
created some preliminary patches and are now ready to roll out a 
release.  The bug appears to be relatively minor in practice, so after some 
discussion, we've decided to just put the patch on the tracker.

It seems like we're not being aggressive enough in checking for 
malicious subpaths in darcs repositories.  One could (e.g. by 
manipulating patch bundles or local darcs executables) create 
repositories that refer to paths outside of the repo.  The reporter gave 
us a nice minimal test (attached) which creates a file /tmp/test.txt if 
you get a malicious repository.

I think we know what we need to do to solve this in the long term -- 
tear out our subpath representation and switch to something like Petr's 
components-based representation in pathlib.  

In the medium term, it may also be good for us to fix hashed-storage 
(I'll post some patches to the current branch later).

We also have a patch which seems to solve the immediate problem in the 
short term.  I'm concerned that said patch is a bit band-aid-y/plasterish.
Hopefully discussion on the list will help us work out if 
this is the appropriate solution for 2.5.1.

----------
messages: 13521
milestone: 2.5.1 CURRENT
nosy: kowey
priority: urgent
status: in-progress
title: darcs accepts fake subpaths (relative paths outside of the repo)
topic: Hashed, Security

__________________________________
Darcs bug tracker <bugs at darcs.net>
<http://bugs.darcs.net/issue2035>
__________________________________
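
As an added illustration (not code from darcs, pathlib or the patch on the tracker), here is a components-based check in Haskell that rejects any path string able to name something outside the repository. The `SubPath` type, `mkSubPath`, `splitSlash` and the sample paths are constructed for this example, and accepting a single leading `./` is an assumption about how the paths are written.

```haskell
module Main (main) where

-- A repository-relative path held as validated name components,
-- never as a raw string. Hypothetical type for this example only.
newtype SubPath = SubPath [String] deriving (Eq, Show)

-- Split on '/', keeping empty components so "a//b" and "a/" stay visible.
splitSlash :: String -> [String]
splitSlash s = case break (== '/') s of
  (c, [])       -> [c]
  (c, _ : rest) -> c : splitSlash rest

-- Parse an untrusted path string. Suspicious input is rejected, not
-- normalised: "a/../b" is refused even though it stays inside the repo,
-- so no later code ever has to reason about ".." at all.
mkSubPath :: String -> Either String SubPath
mkSubPath raw
  | null raw          = Left "empty path"
  | take 1 raw == "/" = Left "absolute path"
  | otherwise         = SubPath <$> mapM component parts
  where
    -- Assumption: one leading "./" is allowed and dropped.
    parts = case splitSlash raw of
      (".":rest) | not (null rest) -> rest
      other                        -> other
    component :: String -> Either String String
    component ""   = Left "empty component"
    component "."  = Left "'.' component"
    component ".." = Left "'..' component"
    component c    = Right c

-- Constructed sample inputs, not taken from the attached test.
samples :: [String]
samples =
  [ "./src/Main.hs"
  , "docs/readme.txt"
  , "./../../tmp/test.txt"
  , "/tmp/test.txt"
  , "./src/../../outside"
  , "./a//b"
  ]

main :: IO ()
main = mapM_ report samples
  where
    report p = putStrLn (show p ++ " -> " ++ verdict (mkSubPath p))
    verdict  = either ("REJECT: " ++) (\sp -> "ok " ++ show sp)
```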