diff options
| author | Niels Thykier <niels@thykier.net> | 2018-04-07 10:41:20 +0000 |
|---|---|---|
| committer | Niels Thykier <niels@thykier.net> | 2018-04-07 10:41:20 +0000 |
| commit | 1db0bd881f3329198415a08af61d01b0b8ba92ed (patch) | |
| tree | f7c5236012dc31fa5c2b596c37e52fecde09f8f2 /dh_usrlocal | |
| parent | cd9fc58e77636b1c1506df967a796f96dbd77296 (diff) | |
| download | debhelper-1db0bd881f3329198415a08af61d01b0b8ba92ed.tar.gz | |
dh_usrlocal: Abort on known unsafe directory names
Signed-off-by: Niels Thykier <niels@thykier.net>
Diffstat (limited to 'dh_usrlocal')
| -rwxr-xr-x | dh_usrlocal | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/dh_usrlocal b/dh_usrlocal index da1a2df7..93bf3d6b 100755 --- a/dh_usrlocal +++ b/dh_usrlocal @@ -98,6 +98,12 @@ foreach my $package (@{$dh{DOPACKAGES}}) { my $fn = $File::Find::name; $fn =~ s!^\Q$tmp\E!!; return if $fn eq '/usr/local'; + # Detect some obvious cases of "this will not end + # well". We rely on what "while read dir ... ; do" + # can handle for correctness. + if ($fn =~ m{[\s!'"\$()*#;<>?@\[\]\\`|]}) { + error("Cannot generate a correct shell script for $fn due to shell metacharacters"); + } if (should_use_root()) { my $stat = stat $File::Find::dir; if ($stat->uid == 0 && $stat->gid == 0) { |