Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-2516

Extend the set of trusted symlinks

    XMLWordPrintable

    Details

    • Type: Story
    • Status: Done
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.11.0, 3.10.2
    • Component/s: Promise type: files
    • Labels:
      None

      Description

      Currently, the only usable symlinks (safe_open* functions) are when the user and group of the link are the same as the destination.

      It may be inconvenient for users, and we could probably make it less restrictive in some other cases:

      • Symlinks owned by root
      • Symlinks owned the the user currently running the agent

      Do you see any potential risk with this change?

        Attachments

          Activity

            People

            • Assignee:
              a10040 Kristian Amlie
              Reporter:
              amousset Alexis Mousset
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Summary Panel