On Sun, 2023-06-04 at 13:31 -0400, Mike Gilbert wrote:
> This allows users to maintain the saved config file in some other
> location.

If so, the symlink should point to a superuser-only location to avoid
creating any new vulnerabilities. We can't fix the general problem, but
we could at least mention in the docs that symlinks will (now) be
followed and that users should be careful if they want to maintain the
files elsewhere.

Reply via email to