dms icon indicating copy to clipboard operation
dms copied to clipboard

Published 20 hours ago verified publisher icon anacrolix

Strict content root

Open Adirelle opened this issue 7 years ago • 4 comments

Right now, DMS will happily follow any symlinks pointing out of the content root. This could leads to security issues. Would it be possible to restrict this using an option ?

Adirelle avatar Jan 09 '18 07:01 Adirelle

Yes. IIRC I wrote a custom Walk that did follow symlinks unlike the default os.Walk. I think my reasoning was that if your security is based on manually rooting a path, it's only an illusion of security. Additionally as most servers of this nature build a custom directory structure based on tags, file types etc., I wanted to do this using the filesystem myself, so I'd build a root containing symlinks to content throughout my filesystem.

I think then a flag is best, defaulting to not following symlinks if my presumption about security is incorrect.

anacrolix avatar Jan 09 '18 12:01 anacrolix

Well, it depends on who creates the files in the served filesystem. I admit that is marginal, and nowadays people could use a container. BTW, as the binary is statically linked, it may be possible to chroot it. I'll do some research in thay way.

Adirelle avatar Jan 09 '18 14:01 Adirelle

Any update?

anacrolix avatar Sep 09 '19 07:09 anacrolix

Don't forget it would still have to have access to ffprobe/ffmpeg from within the jail/chrooted path

mathieu-aubin avatar May 09 '23 02:05 mathieu-aubin