My minimal, memory-safe Go rsync steers clear of vulnerabilities(michael.stapelberg.ch)

4 pointsby Brajeshwar4 hours ago1 comment

3eb7988a16632 hours ago
Is there a solid reference resource on handling symlinks? It seems a never ending source of security bugs.
- euroderfan hour ago
  The new os.Root is supposed to handle symlinks correctly in a sandbox, but (of course?) the first release had a bug related to symlinks.
- d0vsan hour ago
  Agreed. Not a direct answer but this should be interesting: https://github.com/cyphar/filepath-securejoin