From 9a84181ad9bbef5bdc4a9ecb3160994f79d8b9cb Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 9 Feb 2009 16:04:33 -0500 Subject: [PATCH] document writefile symlink checks --- doc/plugins/write.mdwn | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/doc/plugins/write.mdwn b/doc/plugins/write.mdwn index 99eea3d16..1a119b99b 100644 --- a/doc/plugins/write.mdwn +++ b/doc/plugins/write.mdwn @@ -629,6 +629,16 @@ A failure to write the file will result in it dying with an error. If the destination directory doesn't exist, it will first be created. +The filename and directory are separate parameters because of +some security checks done to avoid symlink attacks. Before writing a file, +it checks to make sure there's not a symlink with its name, to avoid +following the symlink. If the filename parameter includes a subdirectory +to put the file in, it also checks if that subdirectory is a symlink, etc. +The directory parameter, however, is not checked for symlinks. So, +generally the directory parameter is a trusted toplevel directory like +the srcdir or destdir, and any subdirectories of this are included in the +filename parameter. + #### `will_render($$)` Given a page name and a destination file name (not including the base -- 2.26.2