caml-list - the Caml user's mailing list
From: Louis Gesbert <louis.gesbert@ocamlpro.com>
To: caml-list <caml-list@inria.fr>
Subject: [Caml-list] [URGENT] To all macOS/BSD opam users: critical problem with camlp5 7.03
Date: Mon, 07 May 2018 11:49:58 +0200
Message-ID: <2822590.FcTDX2uvtl@maitake>

!! opam users on macOS or BSD systems are at risk of losing their files
!! if they didn't update since Feb. 18th.

    Full details, including advice for restoring your system to safety, are
    available at https://opam.ocaml.org/blog/camlp5-system/


A problem was identified in February with the camlp5 7.03 package when 
installed via opam. Under certain circumstances, it is possible for the 
package removal instructions to execute `rm -rf /` with potentially
devastating consequences for your files if your rm command is non-GNU (and so 
doesn’t support the --preserve-root default option) which includes macOS and 
other BSDs.

Initially, this was seen non-fatally on GNU/Linux systems and it was believed 
to have been successfully patched on 18 Feb with only a 48 hour window for 
problems for anyone who updated opam between 16 and 18 Feb and then hadn’t 
updated since, however we failed to take upgrading the system
compiler into account. If you haven’t updated opam since 18 Feb 2018, have 
camlp5 installed in your system switch and upgrade your system compiler to 
OCaml 4.06.1 using your OS package manager, then your system is at risk from 
this issue.

Most regrettably, several users have been hit by this issue. This issue 
affects opam 1.x only - if you have been testing the opam 2 release candidate 
then your system is not affected (but we still recommend you run opam update 
regularly).

We are trying to reach as widely as possible in the hope that everyone will be 
safe from this issue. It is taken seriously, and sandboxing support for Linux 
and MacOS was added to the upcoming opam 2 Release Candidate 2, ensuring this 
kind of issue won't happen again in the future.

Louis Gesbert — OCamlPro

-- 
Caml-list mailing list.  Subscription management and archives:
https://sympa.inria.fr/sympa/arc/caml-list
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners
Bug reports: http://caml.inria.fr/bin/caml-bugs
