From 4accd117026e378f2f68d3e02e4e04cd9bd21fd3 Mon Sep 17 00:00:00 2001 From: Thomas Leonard Date: Sun, 28 Jun 2009 17:03:35 +0100 Subject: [PATCH] Security fix: hard-code /var/cache/0install.net/implementations in 0store-secure-add --- 0store-secure-add | 2 +- 0store-secure-add.1 | 9 +++------ 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/0store-secure-add b/0store-secure-add index 0047fb3..cff307d 100755 --- a/0store-secure-add +++ b/0store-secure-add @@ -15,7 +15,7 @@ try: stores = zerostore.Stores() - manifest.copy_tree_with_verify('.', stores.get_first_system_store().dir, + manifest.copy_tree_with_verify('.', '/var/cache/0install.net/implementations', manifest_data, required_digest) except (IOError, SafeException), ex: print >>sys.stderr, ex diff --git a/0store-secure-add.1 b/0store-secure-add.1 index e81fa62..f4681a8 100644 --- a/0store-secure-add.1 +++ b/0store-secure-add.1 @@ -10,7 +10,7 @@ .SH DESCRIPTION .PP This command imports the current directory into the system-wide shared Zero -Install cache (by default, as /var/cache/0install.net/implementations/DIGEST). +Install cache, as /var/cache/0install.net/implementations/DIGEST. This allows a program downloaded by one user to be shared with other users. .PP @@ -63,14 +63,11 @@ The other Zero Install programs will call this helper script automatically. .SH FILES .IP "/var/cache/0install.net/implementations" -Default system-wide Zero Install cache. - -.IP "~/.config/0install.net/injector/implementation-dirs" -List of system cache directories, one per line. +System-wide Zero Install cache. .SH LICENSE .PP -Copyright (C) 2007 Thomas Leonard. +Copyright (C) 2009 Thomas Leonard. .PP You may redistribute copies of this program under the terms of the GNU Lesser General Public License. -- 2.11.4.GIT