max/nix-super
1
0
Fork 0
mirror of https://github.com/privatevoid-net/nix-super.git synced 2024-11-10 08:16:15 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
nix-super/doc/manual/rl-next/leading-period.md
Robert Hensing f1b4663805 Disallow store path names that are . or .. (plus opt. -) 
As discussed in the maintainer meeting on 2024-01-29.

Mainly this is to avoid a situation where the name is parsed and
treated as a file name, mostly to protect users.
.-* and ..-* are also considered invalid because they might strip
on that separator to remove versions. Doesn't really work, but that's
what we decided, and I won't argue with it, because .-* probably
doesn't seem to have a real world application anyway.
We do still permit a 1-character name that's just "-", which still
poses a similar risk in such a situation. We can't start disallowing
trailing -, because a non-zero number of users will need it and we've
seen how annoying and painful such a change is.

What matters most is preventing a situation where . or .. can be
injected, and to just get this done.
2024-01-31 18:35:19 +01:00

604 B
Raw Blame History

synopsis issues prs
Store paths are allowed to start with `.` 912 9867 9091 9095 9120 9121 9122 9130 9219 9224

Leading periods were allowed by accident in Nix 2.4. The Nix team has considered this to be a bug, but this behavior has since been relied on by users, leading to unnecessary difficulties. From now on, leading periods are officially, definitively supported. The names . and .. are disallowed, as well as those starting with .- or ..-.

Nix versions that denied leading periods are documented in the issue.