The long road to a fix for CVE-2021-20316
The long road to a fix for CVE-2021-20316
Posted Feb 16, 2022 14:22 UTC (Wed) by mathstuf (subscriber, #69389)In reply to: The long road to a fix for CVE-2021-20316 by nybble41
Parent article: The long road to a fix for CVE-2021-20316
Some programs still break symlinks because they operate on the pathname, not the result of following the symlink (basically, they replace the symlink instead of replacing the destination file).
Posted Feb 17, 2022 14:43 UTC (Thu)
by Karellen (subscriber, #67644)
[Link]
I think the parent commenter was referring to the case where you have a symlink somewhere pointing to /foo/bar, and /foo/bar is replaced through its canonical path, rather than through the symlink. In that case, the symlink (wherever it is) remains pointing at the new /foo/bar
The long road to a fix for CVE-2021-20316