-
-
Notifications
You must be signed in to change notification settings - Fork 97
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Strict content root #48
Comments
Yes. IIRC I wrote a custom Walk that did follow symlinks unlike the default os.Walk. I think my reasoning was that if your security is based on manually rooting a path, it's only an illusion of security. Additionally as most servers of this nature build a custom directory structure based on tags, file types etc., I wanted to do this using the filesystem myself, so I'd build a root containing symlinks to content throughout my filesystem. I think then a flag is best, defaulting to not following symlinks if my presumption about security is incorrect. |
Well, it depends on who creates the files in the served filesystem. I admit that is marginal, and nowadays people could use a container. BTW, as the binary is statically linked, it may be possible to chroot it. I'll do some research in thay way. |
Any update? |
Don't forget it would still have to have access to ffprobe/ffmpeg from within the jail/chrooted path |
Right now, DMS will happily follow any symlinks pointing out of the content root. This could leads to security issues. Would it be possible to restrict this using an option ?
The text was updated successfully, but these errors were encountered: