>>>>> On Tue, 10 Apr 2018 08:32:45 +0200, Radosław Korzeniewski said:
> 2018-04-09 13:42 GMT+02:00 Martin Simmons <mar...@lispworks.com>:
> > Restoring through a symlink can cause a security vulnerability (see
> > https://cwe.mitre.org/data/definitions/61.html).
> >
> I'm not sure if this CWE applies in this situation (I could be wrong) but I
> accept the response. In my opinion it limits user flexibility for the
> benefit of security - as always. :)

Yes, your symlink is probably secure if you deny changes to /opt and
/opt/bacula-devel, but in other cases the ancestor directories containing the
symlink might be under the control of a non-privileged user.  For example,
/tmp/bacula-restores in the default config, or if a user wants something
restored to /home/user/important-files.
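
The ancestor-directory condition described in this reply can be checked before a restore. The following is an added example, not part of the original message and not Bacula code; the function name `audit_restore_path` and the default of trusting only UID 0 are assumptions.

```python
import os
import stat


def audit_restore_path(path, trusted_uids=(0,)):
    """Walk every existing component of a restore target and report the ones
    a user outside trusted_uids could use to redirect the restore (CWE-61)."""
    findings = []
    current = os.sep
    for part in os.path.abspath(path).strip(os.sep).split(os.sep):
        current = os.path.join(current, part)
        try:
            st = os.lstat(current)  # lstat: inspect the link, not its target
        except (FileNotFoundError, NotADirectoryError):
            break  # the restore itself would create the remaining components
        if stat.S_ISLNK(st.st_mode):
            findings.append((current, "symlink"))
            continue  # permission bits on a symlink carry no meaning
        if not stat.S_ISDIR(st.st_mode):
            continue
        if st.st_uid not in trusted_uids:
            findings.append((current, "untrusted owner"))
        # The sticky bit does not help here: in a world-writable directory a
        # user can still pre-create the next component as a symlink.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((current, "group/world writable"))
    return findings


if __name__ == "__main__":
    # Paths taken from the message above; results depend on the local system.
    for target in ("/tmp/bacula-restores", "/home/user/important-files"):
        for component, reason in audit_restore_path(target):
            print(f"{target}: {component}: {reason}")
```

This is a point-in-time check: a path that passes can still be changed between the audit and the restore if any ancestor is flagged.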


Bacula-devel mailing list
