From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: From: Bastian Stender Date: Mon, 8 Jan 2018 16:18:16 +0100 Message-Id: <20180108151816.23953-2-bst@pengutronix.de> In-Reply-To: <20180108151816.23953-1-bst@pengutronix.de> References: <20180108151816.23953-1-bst@pengutronix.de> Subject: [ptxdist] [PATCH v2 2/2] python3: prevent host path leakage List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: ptxdist-bounces@pengutronix.de Sender: "ptxdist" To: ptxdist@pengutronix.de Cc: Bastian Stender SWYgY3Jvc3MtY29tcGlsaW5nIGFuZCBob3N0L3RhcmdldCBhcmNoaXRlY3R1cmUgbWF0Y2ggaG9z dCBwYXRocyBhcmUKYWRkZWQgdG8gaW5jbHVkZV9kaXJzIGFuZCBsaWJyYXJ5X2RpcnMgaW4gYWRk X211bHRpYXJjaF9wYXRocygpIChlLmcuCi91c3IvbGliL2kzODYtbGludXgtZ251LCAvdXNyL2lu Y2x1ZGUvaTM4Ni1saW51eC1nbnUpLiBUaGlzIGxlYWRzIHRvCmJ1aWxkIGZhaWx1cmVzIGZvciBz b21lIGV4dGVuc2lvbnMgKGF0IGxlYXN0IF9zc2wgYW5kIF9zb2NrZXQpLgoKcHR4ZGlzdCBkb2Vz IG5vdCBzdXBwb3J0IG11bHRpYXJjaCwgc28gcmVtb3ZlIHRoaXMgYWRkaXRpb24gd2hlbgpjcm9z cy1jb21waWxpbmcuCgpTaWduZWQtb2ZmLWJ5OiBCYXN0aWFuIFN0ZW5kZXIgPGJzdEBwZW5ndXRy b25peC5kZT4KLS0tCkNoYW5nZXMgc2luY2UgKGltcGxpY2l0KSB2MToKLSBhZGQgbG9jYWwgcGF0 aHMgd2hlbiBub3QgY3Jvc3MtY29tcGlsaW5nCi0gcGVyZm9ybSBhZGRfbXVsdGlhcmNoX3BhdGhz KCkgb25seSB3aGVuIG5vdCBjcm9zcy1jb21waWxpbmcKLS0tCiAuLi4vMDAwMi1weXRob24zLXBy ZXZlbnQtaG9zdC1wYXRoLWxlYWthZ2UucGF0Y2ggICB8IDQyICsrKysrKysrKysrKysrKysrKysr KysKIHBhdGNoZXMvUHl0aG9uLTMuNS40L3NlcmllcyAgICAgICAgICAgICAgICAgICAgICAgIHwg IDMgKy0KIDIgZmlsZXMgY2hhbmdlZCwgNDQgaW5zZXJ0aW9ucygrKSwgMSBkZWxldGlvbigtKQog Y3JlYXRlIG1vZGUgMTAwNjQ0IHBhdGNoZXMvUHl0aG9uLTMuNS40LzAwMDItcHl0aG9uMy1wcmV2 ZW50LWhvc3QtcGF0aC1sZWFrYWdlLnBhdGNoCgpkaWZmIC0tZ2l0IGEvcGF0Y2hlcy9QeXRob24t My41LjQvMDAwMi1weXRob24zLXByZXZlbnQtaG9zdC1wYXRoLWxlYWthZ2UucGF0Y2ggYi9wYXRj aGVzL1B5dGhvbi0zLjUuNC8wMDAyLXB5dGhvbjMtcHJldmVudC1ob3N0LXBhdGgtbGVha2FnZS5w YXRjaApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAuLjhiMTNhZmJkOAotLS0g L2Rldi9udWxsCisrKyBiL3BhdGNoZXMvUHl0aG9uLTMuNS40LzAwMDItcHl0aG9uMy1wcmV2ZW50 LWhvc3QtcGF0aC1sZWFrYWdlLnBhdGNoCkBAIC0wLDAgKzEsNDIgQEAKK0Zyb206IEJhc3RpYW4g U3RlbmRlciA8YnN0QHBlbmd1dHJvbml4LmRlPgorRGF0ZTogTW9uLCA4IEphbiAyMDE4IDE2OjEx OjIzICswMTAwCitTdWJqZWN0OiBbUEFUQ0hdIHB5dGhvbjM6IHByZXZlbnQgaG9zdCBwYXRoIGxl YWthZ2UKKworSWYgY3Jvc3MtY29tcGlsaW5nIGFuZCBob3N0L3RhcmdldCBhcmNoaXRlY3R1cmUg bWF0Y2ggaG9zdCBwYXRocyBhcmUKK2FkZGVkIHRvIGluY2x1ZGVfZGlycyBhbmQgbGlicmFyeV9k aXJzIGluIGFkZF9tdWx0aWFyY2hfcGF0aHMoKSAoZS5nLgorL3Vzci9saWIvaTM4Ni1saW51eC1n bnUsIC91c3IvaW5jbHVkZS9pMzg2LWxpbnV4LWdudSkuIFRoaXMgbGVhZHMgdG8KK2J1aWxkIGZh aWx1cmVzIGZvciBzb21lIGV4dGVuc2lvbnMgKGF0IGxlYXN0IF9zc2wgYW5kIF9zb2NrZXQpLgor CitwdHhkaXN0IGRvZXMgbm90IHN1cHBvcnQgbXVsdGlhcmNoLCBzbyByZW1vdmUgdGhpcyBhZGRp dGlvbiB3aGVuCitjcm9zcy1jb21waWxpbmcuCisKK0Jhc2VkIG9uIGEgcGF0Y2ggYnkgQWxleGFu ZHJ1IEFyZGVsZWFuIDxhcmRlbGVhbmFsZXhAZ21haWwuY29tPi4KKworU2VlIHRoZXNlIHBhdGNo ZXMgZm9yIHJlZmVyZW5jZToKKy0gaHR0cHM6Ly9naXRodWIuY29tL29wZW53cnQvcGFja2FnZXMv cHVsbC83ODQKKy0gaHR0cHM6Ly9naXRodWIuY29tL29wZW53cnQvcGFja2FnZXMvYmxvYi9tYXN0 ZXIvbGFuZy9weXRob24vcHl0aG9uL3BhdGNoZXMvMDA2LXJlbW92ZS1tdWx0aS1hcmNoLWFuZC1s b2NhbC1wYXRocy5wYXRjaAorLSBodHRwOi8vY2dpdC5vcGVuZW1iZWRkZWQub3JnL29wZW5lbWJl ZGRlZC1jb3JlL3RyZWUvbWV0YS9yZWNpcGVzLWRldnRvb2xzL3B5dGhvbi9weXRob24vaG9zdF9p bmNsdWRlX2NvbnRhbWluYXRpb24ucGF0Y2gKKworU2lnbmVkLW9mZi1ieTogQmFzdGlhbiBTdGVu ZGVyIDxic3RAcGVuZ3V0cm9uaXguZGU+CistLS0KKyBzZXR1cC5weSB8IDQgKysrLQorIDEgZmls ZSBjaGFuZ2VkLCAzIGluc2VydGlvbnMoKyksIDEgZGVsZXRpb24oLSkKKworZGlmZiAtLWdpdCBh L3NldHVwLnB5IGIvc2V0dXAucHkKK2luZGV4IGVlMDRkYmE4OGZhOC4uNWM3OWY1MGQ4OGFhIDEw MDY0NAorLS0tIGEvc2V0dXAucHkKKysrKyBiL3NldHVwLnB5CitAQCAtNDkzLDEwICs0OTMsMTIg QEAgY2xhc3MgUHlCdWlsZEV4dChidWlsZF9leHQpOgorICAgICAgICAgaWYgbm90IGNyb3NzX2Nv bXBpbGluZzoKKyAgICAgICAgICAgICBhZGRfZGlyX3RvX2xpc3Qoc2VsZi5jb21waWxlci5saWJy YXJ5X2RpcnMsICcvdXNyL2xvY2FsL2xpYicpCisgICAgICAgICAgICAgYWRkX2Rpcl90b19saXN0 KHNlbGYuY29tcGlsZXIuaW5jbHVkZV9kaXJzLCAnL3Vzci9sb2NhbC9pbmNsdWRlJykKKysKKysg ICAgICAgICAgICBzZWxmLmFkZF9tdWx0aWFyY2hfcGF0aHMoKQorKworICAgICAgICAgIyBvbmx5 IGNoYW5nZSB0aGlzIGZvciBjcm9zcyBidWlsZHMgZm9yIDMuMywgaXNzdWVzIG9uIE1hZ2VpYQor ICAgICAgICAgaWYgY3Jvc3NfY29tcGlsaW5nOgorICAgICAgICAgICAgIHNlbGYuYWRkX2djY19w YXRocygpCistICAgICAgICBzZWxmLmFkZF9tdWx0aWFyY2hfcGF0aHMoKQorIAorICAgICAgICAg IyBBZGQgcGF0aHMgc3BlY2lmaWVkIGluIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMgTERGTEFH UyBhbmQKKyAgICAgICAgICMgQ1BQRkxBR1MgZm9yIGhlYWRlciBhbmQgbGlicmFyeSBmaWxlcy4K ZGlmZiAtLWdpdCBhL3BhdGNoZXMvUHl0aG9uLTMuNS40L3NlcmllcyBiL3BhdGNoZXMvUHl0aG9u LTMuNS40L3NlcmllcwppbmRleCA3ZjNiM2QwNjkuLjEzNDE0ZDk3MyAxMDA2NDQKLS0tIGEvcGF0 Y2hlcy9QeXRob24tMy41LjQvc2VyaWVzCisrKyBiL3BhdGNoZXMvUHl0aG9uLTMuNS40L3Nlcmll cwpAQCAtMSw0ICsxLDUgQEAKICMgZ2VuZXJhdGVkIGJ5IGdpdC1wdHgtcGF0Y2hlcwogI3RhZzpi YXNlIC0tc3RhcnQtbnVtYmVyIDEKIDAwMDEtcHl0aG9uMy1kb24tdC1sZWFrLWhvc3QtcGF0aC1p bnRvLWNyb3NzLWNvbXBpbGF0aW9uLnBhdGNoCi0jIDNhODU3NzhmMzZjMzExNmYwN2M1NWVmY2E3 Y2NiMWE3ICAtIGdpdC1wdHgtcGF0Y2hlcyBtYWdpYworMDAwMi1weXRob24zLXByZXZlbnQtaG9z dC1wYXRoLWxlYWthZ2UucGF0Y2gKKyMgZmMwMzJlNTZiZDZkNmQ5YTg5MmU3NTBjMThmYTVlMGQg IC0gZ2l0LXB0eC1wYXRjaGVzIG1hZ2ljCi0tIAoyLjExLjAKCgpfX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fXwpwdHhkaXN0IG1haWxpbmcgbGlzdApwdHhkaXN0 QHBlbmd1dHJvbml4LmRl