No worries Michael! Yes we're doing traversal from root to avoid that issue. :-)
Kevin: Any chance you can upgrade those old systems? We try to support roughly the last 2 LTS releases for major distros / operating systems but don't have time to go out of our way to maintain compatibility with really old systems. If you or someone else wants to craft a patch to maintain compatibility with those older systems and can submit a PR on Github, we'd be happy to test it & integrate it -- provided it doesn't break other things. -Micah On 7/16/20, 4:24 PM, "clamav-users on behalf of Michael Orlitzky via clamav-users" <[email protected] on behalf of [email protected]> wrote: On 2020-07-16 19:10, Michael Orlitzky via clamav-users wrote: > > Micah: openat() only provides "one level of safety" in that when opening > /foo/bar/baz, it ensures that "baz" is where you think it is. You may > want to investigate whether or not an attacker can replace "bar" by a > symlink in that situation. False alarm, I guess this is the problem that was reported because the fix already traverses the path from the root upwards. _______________________________________________ clamav-users mailing list [email protected] https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml _______________________________________________ clamav-users mailing list [email protected] https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
