Details

Reviewers

allanjude
dteske

Commits

rG3bcd261265e1: bsdinstall: allow overriding DISTRIBUTIONS in the normal auto mode

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

brd created this revision.May 30 2022, 5:11 PM

Herald added a subscriber: imp. · View Herald TranscriptMay 30 2022, 5:11 PM

brd requested review of this revision.May 30 2022, 5:11 PM

Harbormaster completed remote builds in B45770: Diff 106479.May 30 2022, 5:11 PM

Changes required.

usr.sbin/bsdinstall/scripts/auto
155	The formatting here is not correct and also opens the program to a Denial-of-Service attack. For example, were I to set "DISTRIBUTIONS" variable to "/* // ///* ////" then -- because the expansion of "${DISTRIBUTIONS:=...}" will place the wildcards into the argument scope of ":" command, cause the shell to attempt to expand all the globs which will result in massive filesystem access and hang the program. See suggested edit for proper formatting that will also prevent Denial-of-Service

This revision now requires changes to proceed.May 30 2022, 5:54 PM

I will also note that the removal of the "export" may cause issues. There would be other acceptable solutions, such as:

export DISTRIBUTIONS="${DISTRIBUTIONS:-base.txz kernel.txz}"

Which I think I like more

dteske added inline comments.May 30 2022, 6:08 PM

usr.sbin/bsdinstall/scripts/auto
155	Current suggestion (prevent Denial-of-Service and keep export while still allowing underride)

Address feedback from dteske

Harbormaster completed remote builds in B45804: Diff 106529.Jun 1 2022, 3:05 PM

Aha, I got arc to do what I wanted!

The raw diff [1] looks funny. The "before" (line removed) doesn't match what is in head [2].

[1] https://reviews.freebsd.org/file/data/gpestj4gip62y5xbunh3/PHID-FILE-mrgzvmtcys7du2upsagn/D35355.vson.id106529.diff
[2] https://cgit.freebsd.org/src/tree/usr.sbin/bsdinstall/scripts/auto#n155

In D35355#802164, @dteske wrote:

The raw diff [1] looks funny. The "before" (line removed) doesn't match what is in head [2].

[1] https://reviews.freebsd.org/file/data/gpestj4gip62y5xbunh3/PHID-FILE-mrgzvmtcys7du2upsagn/D35355.vson.id106529.diff
[2] https://cgit.freebsd.org/src/tree/usr.sbin/bsdinstall/scripts/auto#n155

Hmm, maybe I need to squash the two commits together? arc+git is kinda weird..

Try arc with "HEAD^^"

Harbormaster completed remote builds in B45816: Diff 106572.Jun 2 2022, 2:59 PM

Squashed version

Harbormaster completed remote builds in B45817: Diff 106573.Jun 2 2022, 3:01 PM

There we go. This looks to be all good.

This revision is now accepted and ready to land.Jun 2 2022, 5:20 PM

@dteske TYVM!

Closed by commit rG3bcd261265e1: bsdinstall: allow overriding DISTRIBUTIONS in the normal auto mode (authored by brd). · Explain WhyJun 6 2022, 1:24 AM

This revision was automatically updated to reflect the committed changes.

brd added a commit: rG3bcd261265e1: bsdinstall: allow overriding DISTRIBUTIONS in the normal auto mode.