~whynothugo/pimsync#94: Symlinks are followed in vdir storages

From the security audit report:

Symlinks are followed by the vdirsyncer implementation even if they fall outside the target sync directory.

Due to the way that vdirsyncer performs atomic writes, it would never write to a location outside the vdir, even in the presence of a symlink. It would simply create a new file and overwrite the symlink.

The only scenario where this can potentially be exploited is where Alice has write permissions to a vdir, but Bob runs vdirsyncer on it. In such a scenario, Alice could potentially leak files which are only readable by Bob by uploading them to a remote storage.

The most likely course of action here will be to treat symlinks as unreadable files. There aren't any supported use cases which rely on this anyway.

Status: REPORTED
Submitter: ~whynothugo
Assigned to: No-one
Submitted: 7 months ago
Updated: 2 months ago
Labels: 5:security
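
The mitigation proposed in the ticket (treat symlinks as unreadable files), sketched in Rust as an added example. This is not pimsync's own code; `read_item_nofollow`, `demo` and the file names are hypothetical. It rejects every entry that is not a regular file, which is slightly broader than symlinks alone, and compares the inode after opening so an entry swapped for a symlink between the check and the open is also refused.

```rust
use std::fs::{self, File};
use std::io::{self, Read};
use std::os::unix::fs::MetadataExt;
use std::path::Path;

/// Read one vdir item, refusing symlinks (hypothetical helper, not pimsync's API).
pub fn read_item_nofollow(path: &Path) -> io::Result<Vec<u8>> {
    // lstat: inspects the directory entry itself, never its target.
    let before = fs::symlink_metadata(path)?;
    if !before.file_type().is_file() {
        return Err(io::Error::new(io::ErrorKind::PermissionDenied, "not a regular file"));
    }
    let mut file = File::open(path)?;
    // fstat on the open handle: if the entry was swapped for a symlink between
    // the lstat and the open, the device/inode pair no longer matches.
    let after = file.metadata()?;
    if (before.dev(), before.ino()) != (after.dev(), after.ino()) {
        return Err(io::Error::new(io::ErrorKind::PermissionDenied, "entry changed during open"));
    }
    let mut data = Vec::new();
    file.read_to_end(&mut data)?;
    Ok(data)
}

/// Build a constructed vdir with one real item and one symlink pointing outside
/// it (the Alice/Bob scenario), then return the read result for each.
pub fn demo(root: &Path) -> io::Result<(io::Result<Vec<u8>>, io::Result<Vec<u8>>)> {
    let vdir = root.join("vdir");
    fs::create_dir_all(&vdir)?;
    fs::write(root.join("secret.txt"), b"only Bob can read this")?;
    fs::write(vdir.join("event.ics"), b"BEGIN:VCALENDAR\r\nEND:VCALENDAR\r\n")?;
    std::os::unix::fs::symlink(root.join("secret.txt"), vdir.join("leak.ics"))?;
    Ok((read_item_nofollow(&vdir.join("event.ics")), read_item_nofollow(&vdir.join("leak.ics"))))
}

fn main() -> io::Result<()> {
    let root = std::env::temp_dir().join(format!("vdir-symlink-demo-{}", std::process::id()));
    let (regular, link) = demo(&root)?;
    println!("event.ics: {:?} bytes", regular.map(|d| d.len()));
    println!("leak.ics:  {:?}", link.map(|d| d.len()));
    fs::remove_dir_all(&root)
}
```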