Commit d0ded9d
committed
fix symlink handling in checkpoint restore
Under normal circumstances this is not a problem as the archive file
created podman container checkpoint will no create symlinks.
However if a user passes a custom archive they could contain symlinks
that point outside our root. To resolve them within the root use
securejoin.
Note this is not a security problem because the full archive must be
trusted by a user to begin with as it contain the full container config.
Fixes: #27977
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
(cherry picked from commit abb5120)
Signed-off-by: Paul Holzinger <pholzing@redhat.com>1 parent de57e24 commit d0ded9d
1 file changed
Lines changed: 6 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
11 | 11 | | |
12 | 12 | | |
13 | 13 | | |
| 14 | + | |
14 | 15 | | |
15 | 16 | | |
16 | 17 | | |
| |||
87 | 88 | | |
88 | 89 | | |
89 | 90 | | |
90 | | - | |
| 91 | + | |
| 92 | + | |
| 93 | + | |
| 94 | + | |
| 95 | + | |
91 | 96 | | |
92 | 97 | | |
93 | 98 | | |
| |||
0 commit comments