Displaying 1 result from an estimated 1 matches for "not_exist_dir".
2025 May 22
1
[Bug 3825] New: SFTP soft link security problem
...-bugs at mindrot.org
Reporter: bty at mail.ustc.edu.cn
When we use the /usr/local/etc/other_sftppermit.config file to restrict
the directories that users can access via sftp. However, the following
soft links can be successfully created by running the soft link
command:
ln -s /permit_dir/not_exist_dir/../etc/passwd test
You can run the mkdir command to create the not_exist_dir directory.
The consequences are:
1. The test command cannot be used in SFTP to access the /etc/passwd
file without permission.
2. After logging in to the local system through SSH, you can use test
to access /etc/passwd, wh...