Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-2516

Extend the set of trusted symlinks

    XMLWordPrintable

    Details

    • Type: Story
    • Status: Done
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.11.0, 3.10.2
    • Component/s: Promise type: files
    • Labels:
      None

      Description

      Currently, the only usable symlinks (safe_open* functions) are when the user and group of the link are the same as the destination.

      It may be inconvenient for users, and we could probably make it less restrictive in some other cases:

      • Symlinks owned by root
      • Symlinks owned the the user currently running the agent

      Do you see any potential risk with this change?

        Attachments

          Activity

            People

            Assignee:
            a10040 Kristian Amlie
            Reporter:
            amousset Alexis Mousset
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: