#3528 NORM First D: Manifest-checking code needs audit.

Zarro Boogs per Child bugtracker at laptop.org
Mon Sep 17 16:50:42 EDT 2007


#3528: Manifest-checking code needs audit.
----------------------+-----------------------------------------------------
 Reporter:  mstone    |       Owner:  cscott                
     Type:  defect    |      Status:  new                   
 Priority:  normal    |   Milestone:  First Deployment, V1.0
Component:  security  |     Version:                        
 Keywords:  security  |    Verified:  0                     
----------------------+-----------------------------------------------------
 There are some latent bugs in the current manifest checking code, for
 example: the checker uses blind character-matching to compute some file
 offsets in a way that could be broken by filenames containing square-
 brackets.

 So far, since the bugs are not critical to the package's functionality,
 I'm content to document them and move on.

-- 
Ticket URL: <https://dev.laptop.org/ticket/3528>
One Laptop Per Child <https://dev.laptop.org>
OLPC bug tracking system



More information about the Bugs mailing list