search for: trustlist

...poses security risks. The technical reasons are: When the realpath function verifies a non-existent path (/permit_dir/not_exist_dir/../etc/passwd), the return value is null. However, the two parameters, however, fill in the parsed non-existent path (/permit_dir/not_exist_dir), which is in the SFTP trustlist. Therefore, you can create a soft link. If not_exist_dir is created, realpath can obtain the file to which the soft link points. Therefore, the file without permission cannot be accessed in SFTP. -- You are receiving this mail because: You are watching the assignee of the bug.