From: Simon Ruderich <simon@ruderich.org>
Date: Tue, 1 Jun 2021 05:59:59 +0000 (+0200)
Subject: remote: guard against symlinks in earlier path components
X-Git-Url: https://ruderich.org/simon/gitweb/?a=commitdiff_plain;h=2804606f9f8dc5078c38580bac363b47eb638620;hp=2804606f9f8dc5078c38580bac363b47eb638620;p=safcm%2Fsafcm.git

remote: guard against symlinks in earlier path components

This was only an issue when syncing files to directories where other
users have write access to the parent directory. For example when
copying files to /home/user/.ssh/authorized_keys the user could replace
.ssh with a symlink which permitted overwriting authorized_keys anywhere
on the system.

Fix possible attacks by using *at syscalls and disallowing symlinks in
all path components except for the last of synced paths. Syncing
symlinks is obviously still permitted.
---