-
- Downloads
lib/model, lib/versioner: Prevent symlink attack via versioning (fixes #4286)
Prior to this, the following is possible: - Create a symlink "foo -> /somewhere", it gets synced - Delete "foo", it gets versioned - Create "foo/bar", it gets synced - Delete "foo/bar", it gets versioned in "/somewhere/bar" With this change, versioners should never version symlinks.
Showing
- lib/model/model_test.go 18 additions, 0 deletionslib/model/model_test.go
- lib/model/requests_test.go 81 additions, 0 deletionslib/model/requests_test.go
- lib/model/rwfolder.go 2 additions, 2 deletionslib/model/rwfolder.go
- lib/versioner/external.go 6 additions, 1 deletionlib/versioner/external.go
- lib/versioner/simple.go 5 additions, 0 deletionslib/versioner/simple.go
- lib/versioner/staggered.go 6 additions, 1 deletionlib/versioner/staggered.go
- lib/versioner/trashcan.go 6 additions, 1 deletionlib/versioner/trashcan.go
- lib/versioner/versioner.go 26 additions, 0 deletionslib/versioner/versioner.go
Loading
Please register or sign in to comment