7 points | by Brajeshwar 6 hours ago ago
3 comments
Is there a solid reference resource on handling symlinks? It seems a never ending source of security bugs.
The new os.Root is supposed to handle symlinks correctly in a sandbox, but (of course?) the first release had a bug related to symlinks.
Agreed. Not a direct answer but this should be interesting: https://github.com/cyphar/filepath-securejoin
Is there a solid reference resource on handling symlinks? It seems a never ending source of security bugs.
The new os.Root is supposed to handle symlinks correctly in a sandbox, but (of course?) the first release had a bug related to symlinks.
Agreed. Not a direct answer but this should be interesting: https://github.com/cyphar/filepath-securejoin