serioius resgression with cpio -p and symlinks in busybox 1.28.2
Denys Vlasenko
vda.linux at googlemail.com
Sat Mar 31 14:25:57 UTC 2018
I can release a 1.28.3 in a few days if you want. Do you?
Let's see what else would crop up during weekend.
On Fri, Mar 30, 2018 at 1:29 PM, Natanael Copa <ncopa at alpinelinux.org> wrote:
> Hi,
>
> There is a serious regression in busybox 1.28.2 that breaks booting
> alpine linux machines.
>
> The problem comes from /bin/sh -> /bin/busybox symlink no longer getting copied with cpio -p.
>
> To reproduce:
>
> $ mkdir -p 1/bin 2
> $ ln -s /bin/busybox 1/bin/sh
> $ (cd 1 && echo "/bin/sh" | cpio -vdmp ../2)
> bin/sh
> 1 blocks
> $ find 2/
> 2/
> 2/bin
>
> The /bin/sh symlink was silently ignored and this causes the
> initramfs's #/bin/sh script fail at boot.
>
> It was previously possible to work around it by setting
> EXTRACT_UNSAFE_SYMLINKS=1 but this no longer works.
>
> https://git.alpinelinux.org/cgit/aports/commit/main/mkinitfs?id=1b6a167de8ce02d69dc8a8c8f4638aefd27c0ebe
>
> Downstream bug report:
> https://bugs.alpinelinux.org/issues/8751
>
> -nc
> _______________________________________________
> busybox mailing list
> busybox at busybox.net
> http://lists.busybox.net/mailman/listinfo/busybox
More information about the busybox
mailing list