GNU bug report logs - #59521
package installation fail when home dir contains a @

Previous Next

Package: guix;

Reported by: pofman <at> free.fr

Date: Wed, 23 Nov 2022 19:03:02 UTC

Severity: normal

Full log

View this message in rfc822 format

From: Julien Lepiller <julien <at> lepiller.eu>
To: 59521 <at> debbugs.gnu.org, pofman <at> free.fr
Subject: bug#59521: package installation fail when home dir contains a @
Date: Wed, 23 Nov 2022 21:03:32 +0100

[Message part 1 (text/plain, inline)]
Oh no, do we have a Texi injection vulnerability in Guix? :)

What I understand is that an error occurs when trying to show a hint to the user (display-hint in the backtrace). This calls texi->plain-text which transforms texinfo markup to text for displaying on a terminal. With your user name, it tries to read something like:

/home/~a/.guix-profile/etc/profile

Which is expanded into:

/home/user <at> foo.bar/.guix-profile/etc/profile

And the @ is understood as texinfo markup but there is no @foo command in texinfo. How do we fix that though?

Le 23 novembre 2022 13:46:30 GMT+01:00, pofman <at> free.fr a écrit :
>Hello!
>
>I use the guix package manager on ubuntu 22.04.
>
>I have successfully installed fdm and mu packages but I got an error when installing emacs package.
>
>My user is a domain user, the domain name is 'foo.bar' and then sssd use a home directory like '/home/user <at> foo.bar' which seems to cause that error.
>
>Installation log:
>$ LANG=C guix install emacs
>The following package will be installed:
>   emacs 28.2
>
>hint: Backtrace:
>          17 (primitive-load "/home/user <at> foo.bar/.config/guix?")
>In guix/ui.scm:
>   2275:7 16 (run-guix . _)
>  2238:10 15 (run-guix-command _ . _)
>In ice-9/boot-9.scm:
>  1752:10 14 (with-exception-handler _ _ #:unwind? _ # _)
>In guix/status.scm:
>    835:3 13 (_)
>    815:4 12 (call-with-status-report _ _)
>In guix/store.scm:
>   1300:8 11 (call-with-build-handler _ _)
>   1300:8 10 (call-with-build-handler #<procedure 7f83d177e480 at g?> ?)
>In guix/build/syscalls.scm:
>   1435:3  9 (_)
>   1402:4  8 (call-with-file-lock/no-wait _ _ _)
>In guix/scripts/package.scm:
>    325:7  7 (build-and-use-profile _ "/var/guix/profiles/per-user/?" ?)
>In guix/ui.scm:
>    312:5  6 (display-hint _ _)
>  1448:24  5 (texi->plain-text _)
>In texinfo.scm:
>  1132:22  4 (parse _)
>   980:31  3 (loop #<input: string 7f83bec67a10> (*fragment*) _ _ _)
>   967:36  2 (loop #<input: string 7f83bec67a10> #f #<procedure ide?> ?)
>     92:2  1 (command-spec _)
>In ice-9/boot-9.scm:
>  1685:16  0 (raise-exception _ #:continuable? _)
>
>ice-9/boot-9.scm:1685:16: In procedure raise-exception:
>Throw to key `parser-error' with args `(#f "Unknown command" foo)'.
>
>
>

[Message part 2 (text/html, inline)]
This bug report was last modified 2 years and 266 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.