You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Symlinks in jails are resolved before opening files or creating directories. When an attacker awaits the check, but changes the symlink target right after the check, a race condition can lead to file read/write on the host system from within an unsafe jail.
This issue can be mitigated by opening and holding the file descriptor before the check is applied, so that the same path is not resolved twice.
/me tips hat to @fabiabfreyer
The text was updated successfully, but these errors were encountered:
Symlinks in jails are resolved before opening files or creating directories. When an attacker awaits the check, but changes the symlink target right after the check, a race condition can lead to file read/write on the host system from within an unsafe jail.
This issue can be mitigated by opening and holding the file descriptor before the check is applied, so that the same path is not resolved twice.
/me tips hat to @fabiabfreyer
The text was updated successfully, but these errors were encountered: