Nix/doc/manual/rl-next
Robert Hensing f1b4663805 Disallow store path names that are . or .. (plus opt. -)
As discussed in the maintainer meeting on 2024-01-29.

Mainly this is to avoid a situation where the name is parsed and
treated as a file name, mostly to protect users.

.-* and ..-* are also considered invalid because they might strip
on that separator to remove versions. Doesn't really work, but that's
what we decided, and I won't argue with it, because .-* probably
doesn't seem to have a real world application anyway.

We do still permit a 1-character name that's just "-", which still
poses a similar risk in such a situation. We can't start disallowing
trailing -, because a non-zero number of users will need it and we've
seen how annoying and painful such a change is.

What matters most is preventing a situation where . or .. can be
injected, and to just get this done.
2024-01-31 18:35:19 +01:00
allowed-uris-can-now-match-whole-schemes.md allowed-uris: Match whole schemes also when scheme is not followed by slashes 2023-12-11 12:18:04 +01:00
cgroup-stats.md worker protocol: serialise cgroup stats in BuildResult (#9598) 2023-12-13 16:37:17 -05:00
config Compile hand-written release notes with changelog-d 2023-11-24 15:13:21 +01:00
drv-string-parse-hang.md optimize derivation string parsing 2023-12-30 18:44:10 +01:00
empty-search-regex.md nix search: Disallow empty regex 2023-12-21 22:13:43 +01:00
env-size-reduction.md reduce the size of Env by one pointer 2023-12-30 18:55:13 +01:00
eval-system.md Add release not for eval-system 2023-12-14 19:55:50 -05:00
git-fetcher.md rl-next: Add *general* note about git fetcher reimpl 2024-01-12 15:31:53 +01:00
hash-format-nix32.md rl-next: Use markdown frontmatter syntax 2023-12-09 19:57:55 +01:00
ifd-eval-store.md Build IFD in the build store when using eval-store. 2023-12-23 21:33:56 -05:00
leading-period.md Disallow store path names that are . or .. (plus opt. -) 2024-01-31 18:35:19 +01:00
mounted-ssh-store.md rl-next: Use markdown frontmatter syntax 2023-12-09 19:57:55 +01:00
nix-config-show.md rl-next: Use markdown frontmatter syntax 2023-12-09 19:57:55 +01:00
nix-env-json-drv-path.md rl-next: Use markdown frontmatter syntax 2023-12-09 19:57:55 +01:00
nix-flake-check-logs-actions.md Add release notes 2024-01-20 00:04:06 -08:00
nix-hash-convert.md Start standardizing hash algo flags 2024-01-20 17:29:35 -05:00
nix-profile-names.md Update release notes 2024-01-12 16:21:07 +01:00
nix-store-add.md Fix typo in upcomming release notes 2024-01-20 17:07:21 -05:00
print-value-in-coercion-error.md Print the value in error: cannot coerce messages 2024-01-23 15:15:41 -08:00
print-value-in-type-error.md Print value on type error 2024-01-22 08:56:02 -08:00
source-positions-in-errors.md Print value on type error 2024-01-22 08:56:02 -08:00
stack-overflow-segfaults.md Fix segfault on infinite recursion in some cases 2023-12-29 22:16:44 -08:00
with-error-reporting.md Print value on type error 2024-01-22 08:56:02 -08:00