>>>>> On Tue, 10 Apr 2018 08:32:45 +0200, Radosław Korzeniewski said:
>
> 2018-04-09 13:42 GMT+02:00 Martin Simmons <mar...@lispworks.com>:
>
> > Restoring through a symlink can cause a security vulnerability (see
> > https://cwe.mitre.org/data/definitions/61.html).
> >
>
> I'm not sure if this CWE applies in this situation (I could be wrong) but I
> accept the response. In my opinion it limits the user flexibility on the
> benefit of security - as always. :)

Yes, your symlink is probably secure if you deny changes to /opt and
/opt/bacula-devel, but in other cases the ancestor directories containing the
symlink might be under the control of a non-privileged user.  For example,
/tmp/bacula-restores in the default config, or if a user wants something
restored to /home/user/important-files.

__Martin
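
The CWE-61 concern discussed in this thread, as an added example that is not part of the original messages and not Bacula's code: a restore target is opened one path component at a time with `O_NOFOLLOW`, so a symlink anywhere below a trusted root makes the restore fail instead of being followed. The function names `open_dir_nofollow` and `restore_create` and the trusted `rootfd` are assumptions for illustration; this strict policy also rejects an administrator's own symlink, which is the flexibility trade-off raised above.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Walk `rel` one component at a time below the trusted directory `rootfd`.
 * O_NOFOLLOW makes openat() fail (ELOOP or ENOTDIR) when a component is a
 * symlink, so a link planted in an ancestor directory cannot redirect the
 * restore. Returns a directory fd, or -1 with errno set. */
int open_dir_nofollow(int rootfd, const char *rel)
{
    char *copy = strdup(rel), *save = NULL;
    if (copy == NULL) return -1;
    int fd = dup(rootfd);
    for (char *c = strtok_r(copy, "/", &save); fd >= 0 && c != NULL;
         c = strtok_r(NULL, "/", &save)) {
        int next = -1;
        if (strcmp(c, "..") == 0)
            errno = EINVAL;          /* never climb out of the root */
        else
            next = openat(fd, c, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
        int saved = errno;
        close(fd);
        errno = saved;
        fd = next;
    }
    free(copy);
    return fd;
}

/* Create `name` inside `dir`; O_EXCL | O_NOFOLLOW also refuses an existing
 * file or a symlink at the final component. */
int restore_create(int rootfd, const char *dir, const char *name)
{
    if (strchr(name, '/') != NULL) { errno = EINVAL; return -1; }
    int dfd = open_dir_nofollow(rootfd, dir);
    if (dfd < 0) return -1;
    int fd = openat(dfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    int saved = errno;
    close(dfd);
    errno = saved;
    return fd;
}
```

The returned descriptor stays bound to the directory that was actually checked, so later renaming or replacing an ancestor does not change where the restored file is written.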