From 59d94f3056af20f4dfb0d08790b6fa362557b871 Mon Sep 17 00:00:00 2001 From: Demi Marie Obenour Date: Mon, 24 Jun 2024 18:22:20 -0400 Subject: [PATCH] Use allow-all-names instead of allow-unsafe-characters As pointed out by Andrew David Wong the latter name is unnecessarily alarming. No backwards compatibility is provided because users should not need to remember to blocklist two different strings in their qrexec policies. Denying "+allow-all-names" should be sufficient. Reported-by: Andrew David Wong Fixes: QubesOS/qubes-issues#8332 (for real this time) --- qubes-rpc/qfile-unpacker.c | 4 ++-- qubes-rpc/qubes-fs-tree-check.c | 4 ++-- qubes-rpc/qubes.Filecopy | 2 +- qubes-rpc/qvm-copy | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/qubes-rpc/qfile-unpacker.c b/qubes-rpc/qfile-unpacker.c index 57a8a2c8..aa14244c 100644 --- a/qubes-rpc/qfile-unpacker.c +++ b/qubes-rpc/qfile-unpacker.c @@ -72,8 +72,8 @@ enum { }; const struct option opts[] = { - { "no-allow-unsafe-characters", no_argument, NULL, opt_no_allow_unsafe_characters }, - { "allow-unsafe-characters", no_argument, NULL, opt_allow_unsafe_characters }, + { "no-allow-all-names", no_argument, NULL, opt_no_allow_unsafe_characters }, + { "allow-all-names", no_argument, NULL, opt_allow_unsafe_characters }, { "no-allow-unsafe-symlinks", no_argument, NULL, opt_no_allow_unsafe_symlinks }, { "allow-unsafe-symlinks", no_argument, NULL, opt_allow_unsafe_symlinks }, { "verbose", no_argument, NULL, 'v' }, diff --git a/qubes-rpc/qubes-fs-tree-check.c b/qubes-rpc/qubes-fs-tree-check.c index 57506ee2..741f4ea8 100644 --- a/qubes-rpc/qubes-fs-tree-check.c +++ b/qubes-rpc/qubes-fs-tree-check.c @@ -191,8 +191,8 @@ const struct option opts[] = { {"no-allow-symlinks", no_argument, NULL, 'A'}, {"allow-directories", no_argument, NULL, 'd'}, {"no-allow-directories", no_argument, NULL, 'D'}, - {"allow-unsafe-characters", no_argument, NULL, 'u'}, - {"no-allow-unsafe-characters", no_argument, NULL, 'U'}, + {"allow-all-names", no_argument, NULL, 'u'}, + {"no-allow-all-names", no_argument, NULL, 'U'}, {0, 0, NULL, 0}, }; diff --git a/qubes-rpc/qubes.Filecopy b/qubes-rpc/qubes.Filecopy index 75238ee0..600111b0 100755 --- a/qubes-rpc/qubes.Filecopy +++ b/qubes-rpc/qubes.Filecopy @@ -5,7 +5,7 @@ then fi case $1 in ('') arg=;; -(allow-unsafe-characters) arg=--allow-unsafe-characters;; +(allow-all-names) arg=--allow-all-names;; (*) printf 'Unexpected argument %s\n' "$1" >&2; exit 1;; esac exec /usr/lib/qubes/qfile-unpacker $arg diff --git a/qubes-rpc/qvm-copy b/qubes-rpc/qvm-copy index 94af07a4..57987d12 100755 --- a/qubes-rpc/qvm-copy +++ b/qubes-rpc/qvm-copy @@ -88,7 +88,7 @@ if FILECOPY_TOTAL_SIZE=$("$scriptdir/qubes/qubes-fs-tree-check" \ else status=$? if [[ "$status" -ne 2 ]]; then exit "$status"; fi - service=qubes.Filecopy+allow-unsafe-characters + service=qubes.Filecopy+allow-all-names fi if [[ "$PROGRESS_TYPE" = 'console' ]]; then export FILECOPY_TOTAL_SIZE; fi