From ca7e8f4cc9ea7cb01e332eb6f784b30b0a952594 Mon Sep 17 00:00:00 2001 From: James McCoy Date: Tue, 30 Dec 2014 22:01:18 -0500 Subject: [PATCH] dd-schroot-cmd: Relax session name check MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit As per schroot.conf(5): A number of characters or words are not permitted in a chroot name, session name or configuration filename. The name may not contain a leading period (‘.’). The characters ‘:’ (colon), ‘,’ (comma) and ‘/’ (forward slash) are not permitted anywhere in the name. The name may also not contain a trailing tilde (‘~’). Relaxing the session name check in get_session_owner to better align with schroot's actual restrictions reduces the chance that a user will create a session yet be unable to manipulate it with dd-schroot-cmd. Signed-off-by: James McCoy Signed-off-by: Paul Wise --- modules/porterbox/files/dd-schroot-cmd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/porterbox/files/dd-schroot-cmd b/modules/porterbox/files/dd-schroot-cmd index 6506b6ed..598fb125 100755 --- a/modules/porterbox/files/dd-schroot-cmd +++ b/modules/porterbox/files/dd-schroot-cmd @@ -56,7 +56,7 @@ def die(s): sys.exit(1) def get_session_owner(session): - if re.search('[^0-9a-zA-Z_-]', session): + if re.search('^\.|~$|[^0-9a-zA-Z_.~-]', session): die("Invalid session name.") path = os.path.join('/var/lib/schroot/session', session) -- 2.39.2