Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reserve windows crate names. #695

Merged
merged 1 commit into from Apr 30, 2017
Merged

Reserve windows crate names. #695

merged 1 commit into from Apr 30, 2017

Conversation

withoutboats
Copy link
Contributor

These names will break cargo on windows machines if uploaded to
the registry.

@withoutboats
Reserve windows crate names.
35cea41 
These names will break cargo on windows machines if uploaded to
the registry.
@withoutboats
Copy link
Contributor Author

NOTE: I do not have a working dev environment for crates.io and I have NOT tested these migrations.

@withoutboats withoutboats mentioned this pull request Apr 30, 2017
Closed
@withoutboats
Copy link
Contributor Author

(also I believe crates.io's namespace is case insensitive let me know if that's wrong)

@est31
Copy link
Member

est31 commented Apr 30, 2017

Also worth testing is whether crates.io has name length restrictions, as too long names could trigger similar situations.

@carols10cents carols10cents merged commit f1e4e4d into rust-lang:master Apr 30, 2017
@carols10cents
Copy link
Member

@est31 while i'm fixing this, could you create an issue to investigate long names?

@est31
Copy link
Member

est31 commented Apr 30, 2017

@carols10cents sure! #696

@carols10cents
Copy link
Member

Staging deploy complete, deploying to production now.

@carols10cents
Copy link
Member

Production deploy done, and crate removed from the index. Please open new issues for any other problems. Thanks!

@carols10cents carols10cents mentioned this pull request May 1, 2017
Merged
@leipert leipert mentioned this pull request May 7, 2017
Closed
@kurtseifried
Copy link

This is covered by CWE-67 https://cwe.mitre.org/data/definitions/67.html and may need a CVE, I assume private rust repos are a possibility?

@jpluimers
Copy link

Based on https://msdn.microsoft.com/en-us/library/aa578688.aspx you might want to avoid CLOCK$ and drive letters like A: as well.

Various other sources confirm that for instance https://support.microsoft.com/en-us/help/74496/ms-dos-device-driver-names-cannot-be-used-as-file-names

@withoutboats
Copy link
Contributor Author

@jpluimers crate names cannot contain either $ or :.

@jpluimers
Copy link

@withoutboats thanks.

@Stanzilla Stanzilla mentioned this pull request Jul 30, 2020
Closed
pietroalbini added a commit to pietroalbini/crates.io that referenced this pull request Feb 10, 2021
@pietroalbini
add COM0 and LPT0 to the list of reserved crate names
defef17 
In rust-lang#695 we added all the documented reserved Windows file names to the
list of reserved crate names, to prevent people from registering crates
named that way and breaking all Windows users in the process.

Unfortunately it turns out that COM0 and LPT0 are *also* reserved on
Windows systems, but they're not documented in Microsoft's docs. This PR
adds both names to the reserved crate names list.

Note that the migration here is a no-op on the production crates.io
instance, as both names were manually added to the database before
opening this PR.
@pietroalbini pietroalbini mentioned this pull request Feb 10, 2021
Merged
pietroalbini added a commit to pietroalbini/crates.io that referenced this pull request Feb 10, 2021
@pietroalbini
add COM0 and LPT0 to the list of reserved crate names
4f6b8c9 
In rust-lang#695 we added all the documented reserved Windows file names to the
list of reserved crate names, to prevent people from registering crates
named that way and breaking all Windows users in the process.

Unfortunately it turns out that COM0 and LPT0 are *also* reserved on
Windows systems, but they're not documented in Microsoft's docs. This PR
adds both names to the reserved crate names list.

Note that the migration here is a no-op on the production crates.io
instance, as both names were manually added to the database before
opening this PR.
bors added a commit that referenced this pull request Feb 13, 2021
@bors
Auto merge of #3271 - pietroalbini:com0-lpt0, r=jtgeibel
feb3651 
Add COM0 and LPT0 to the list of reserved crate names

In #695 we added all the documented reserved Windows file names to the list of reserved crate names, to prevent people from registering crates named that way and breaking all Windows users in the process.

Unfortunately it turns out that COM0 and LPT0 are *also* reserved on Windows systems, but they're not documented in Microsoft's docs. This PR adds both names to the reserved crate names list.

Note that the migration here is a no-op on the production crates.io instance, as both names were manually added to the database before opening this PR.

r? `@jtgeibel`
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@withoutboats @est31 @carols10cents @kurtseifried @jpluimers