coq-club AT inria.fr
Subject: The Coq mailing list
List archive
[Coq-Club] [URGENT] To all macOS/BSD opam users: critical problem with camlp5 7.03
Chronological Thread
- From: Louis Gesbert <louis.gesbert AT ocamlpro.com>
- To: Coq Club <coq-club AT inria.fr>
- Subject: [Coq-Club] [URGENT] To all macOS/BSD opam users: critical problem with camlp5 7.03
- Date: Mon, 07 May 2018 11:56:17 +0200
- Authentication-results: mail2-smtp-roc.national.inria.fr; spf=None smtp.pra=louis.gesbert AT ocamlpro.com; spf=None smtp.mailfrom=louis.gesbert AT ocamlpro.com; spf=Pass smtp.helo=postmaster AT mail.antislash.info
- Ironport-phdr: 9a23:L6SolRDPFJ9oFEyNyQunUyQJP3N1i/DPJgcQr6AfoPdwSPT7o8bcNUDSrc9gkEXOFd2Cra4c0KyO6+jJYi8p2d65qncMcZhBBVcuqP49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6JvjvGo7Vks+7y/2+94fcbglUijexe69+IAmrpgjNq8cahpdvJLwswRXTuHtIfOpWxWJsJV2Nmhv3+9m98p1+/SlOovwt78FPX7n0cKQ+VrxYES8pM3sp683xtBnMVhWA630BWWgLiBVIAgzF7BbnXpfttybxq+Rw1DWGMcDwULs5Qiqp4bt1RxD0iScHLz85/3/Risxsl6JQvRatqwViz4LIfI2ZMfxzdb7fc9wHX2pMRsZfWTJcDI2ybIUAAOUPMvpDoonhvlsDtweyCRWwCO7tzDJDm3/43bc90+QkCQzI2gsgH88PsHTPsd77NbkdUfuuw6bW1zXDc+5d1DD56IjPbxAhoOqMUah/ccXP0kkgDB3Kjk+MqYH+ODOayv4Cs22f7+p4T+KvjHQrpB12ojiq38ohjJTCiIwSylDB7yp5wYA1KMW/SEFne9GkFZ9QuzudN4tsTcMvRXxjtiUiyrAet5O2fjIGxIkkyhPdcfCLbYeF7x35WOufIDp1gm9udqiliBao60egz/XxVsmq31ZOqSpIitzMuWoM1xzX8MSIUP19/lug2TaU0wDc8PpEIUAumaraLZ4hzLkwmoISsUTFACD2hF37gaGUe0k+5+Sl6Obqbq/4qpKTOIJ4kA/zP6U2lsy6G+s4MwwOX2aB+eS70b3u5Un5QLJXjv03ianVqp/aKtoApqGiHQBVyJoj5g24Dzi6ytsYmH0HLEpfeBKAlYTmJ1bOIPXgAfeln1usiCtrx+zBPrD5HprNKWHDnK79crZ59k5T0xE+zctf5pJRErEOOuj/Wk73tNzCDx82KRa4w+j9CIY16oRLcmWWSoSdLama5VSP/6ckJ/SGTI4Tojf0bfY/sa3Al3g8zHsaYKiylbQac3q1BOgud0GefHv3xNgMCm0HpBYWS+fjjVmaSzkVbHG3CfFvrgonAZ6rWN+QDrumh6aMiWLiRsUPNzJ2T2uUGHKtTL2qHvIFaSacOMhky2BWUrOoTos5zxbovwj/meI+crjkvxYAvJem7+BbovXJnEhupzt/BsGZy3uKCWpzmzFQHmJk7OVEuUV4j2y7/+14jvhfT4UB4vpIVkEzM4Ld1OhzENC0WwTPeYXQRQ==
!! opam users on macOS or BSD systems are at risk of losing their files
!! if they didn't run `opam update` since Feb. 18th.
Full details, including advice for restoring your system to safety, are
available at https://opam.ocaml.org/blog/camlp5-system/
Note that any user of Coq will necessarily have camlp5 installed too !
(apologies for cross-posting with caml-list)
A problem was identified in February with the camlp5 7.03 package when
installed via opam. Under certain circumstances, it is possible for the
package removal instructions to execute `rm -rf /` with potentially
devastating consequences for your files if your rm command is non-GNU (and so
doesn’t support the --preserve-root default option) which includes macOS and
other BSDs.
Initially, this was seen non-fatally on GNU/Linux systems and it was believed
to have been successfully patched on 18 Feb with only a 48 hour window for
problems for anyone who updated opam between 16 and 18 Feb and then hadn’t
updated since, however we failed to take upgrading the system
compiler into account. If you haven’t updated opam since 18 Feb 2018, have
camlp5 installed in your system switch and upgrade your system compiler to
OCaml 4.06.1 using your OS package manager, then your system is at risk from
this issue.
Most regrettably, several users have been hit by this issue. This issue
affects opam 1.x only - if you have been testing the opam 2 release candidate
then your system is not affected (but we still recommend you run opam update
regularly).
We are trying to reach as widely as possible in the hope that everyone will
be
safe from this issue. It is taken seriously, and sandboxing support for Linux
and MacOS was added to the upcoming opam 2 Release Candidate 2, ensuring this
kind of issue won't happen again in the future.
Louis Gesbert — OCamlPro
- [Coq-Club] [URGENT] To all macOS/BSD opam users: critical problem with camlp5 7.03, Louis Gesbert, 05/07/2018
- Re: [Coq-Club] [URGENT] To all macOS/BSD opam users: critical problem with camlp5 7.03, Yixuan Chen, 05/07/2018
Archive powered by MHonArc 2.6.18.