On Sun, Jun 4, 2023 at 2:03 PM Michael Orlitzky <m...@gentoo.org> wrote:
> On Sun, 2023-06-04 at 13:31 -0400, Mike Gilbert wrote:
> > This allows users to maintain the saved config file in some other
> > location.
> >
> If so, the symlink should point to a superuser-only location to avoid
> creating any new vulnerabilities. We can't fix the general problem, but
> we could at least mention in the docs that symlinks will (now) be
> followed and that users should be careful if they want to maintain the
> files elsewhere.

That seems self-evident to me, and I don't think it warrants a callout
in the documentation.

Reply via email to