New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[3006.x] Fix #66133: roots fileserver path verification for symlinks #66419
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd prefer that salt.utils.verify.clean_path be modified to optionally allow for symlinks.
d3fbb96
to
4819ce7
Compare
4819ce7
to
dbc109e
Compare
I thought about that but wasn't sure if I should touch the function. |
Yes, I like this approach better. Please hold off on merging this. I have a few things I would like to validate before we proceed. |
What does this PR do?
Changes of the path verification so that symlinks to destinations outside of the roots directory work again.
This is broken since the CVE fix commit e0cdb80.
What issues does this PR fix or reference?
Fixes #66133, #66052, #65977