[Caml-list] [URGENT] To all macOS/BSD opam users: critical problem with camlp5 7.03

caml-list - the Caml user's mailing list
 help / color / mirror / Atom feed

* [Caml-list] [URGENT] To all macOS/BSD opam users: critical problem with camlp5 7.03
@ 2018-05-07  9:49 Louis Gesbert
  0 siblings, 0 replies; only message in thread
From: Louis Gesbert @ 2018-05-07  9:49 UTC (permalink / raw)
  To: caml-list

!! opam users on macOS or BSD systems are at risk of losing their files
!! if they didn't update since Feb. 18th.

    Full details, including advice for restoring your system to safety, are
    available at https://opam.ocaml.org/blog/camlp5-system/

A problem was identified in February with the camlp5 7.03 package when 
installed via opam. Under certain circumstances, it is possible for the 
package removal instructions to execute `rm -rf /` with potentially
devastating consequences for your files if your rm command is non-GNU (and so 
doesn’t support the --preserve-root default option) which includes macOS and 
other BSDs.

Initially, this was seen non-fatally on GNU/Linux systems and it was believed 
to have been successfully patched on 18 Feb with only a 48 hour window for 
problems for anyone who updated opam between 16 and 18 Feb and then hadn’t 
updated since, however we failed to take upgrading the system
compiler into account. If you haven’t updated opam since 18 Feb 2018, have 
camlp5 installed in your system switch and upgrade your system compiler to 
OCaml 4.06.1 using your OS package manager, then your system is at risk from 
this issue.

Most regrettably, several users have been hit by this issue. This issue 
affects opam 1.x only - if you have been testing the opam 2 release candidate 
then your system is not affected (but we still recommend you run opam update 
regularly).

We are trying to reach as widely as possible in the hope that everyone will be 
safe from this issue. It is taken seriously, and sandboxing support for Linux 
and MacOS was added to the upcoming opam 2 Release Candidate 2, ensuring this 
kind of issue won't happen again in the future.

Louis Gesbert — OCamlPro

-- 
Caml-list mailing list.  Subscription management and archives:
https://sympa.inria.fr/sympa/arc/caml-list
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners
Bug reports: http://caml.inria.fr/bin/caml-bugs

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2018-05-07  9:50 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-05-07  9:49 [Caml-list] [URGENT] To all macOS/BSD opam users: critical problem with camlp5 7.03 Louis Gesbert

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).