Commit adb77124 authored by intrigeri's avatar intrigeri

Revert "tails-debugging-info: fix the (minimal) check for symlink attack."

This reverts commit 3460524d.

As explained on https://labs.riseup.net/code/issues/8514#note-58 the commit I'm
reverting was based on a misunderstanding. While it improves things in some
cases, it makes them worse in some other cases. So let's revert it for now
until we reach an agreement on what the test should look like.
parent 37213b93
......@@ -102,7 +102,7 @@ def debug_file(user, filename):
# This check is not sufficient, see the comment at the top of the file
# for the complete requirements required for security
owner = getpwuid(os.stat(filename, follow_symlinks=False).st_uid).pw_name
owner = getpwuid(os.stat(filename).st_uid).pw_name
if owner != user:
return {'key': filename, 'content': '''WARNING: not opening file {}, because it is '''
'''owned by {} instead of {}'''.format(filename, owner, user)}
......@@ -135,7 +135,7 @@ def debug_directory(user, dir_name):
# This check is not sufficient, see the comment at the top of the file
# for the complete requirements required for security
owner = getpwuid(os.stat(dir_name, follow_symlinks=False).st_uid).pw_name
owner = getpwuid(os.stat(dir_name).st_uid).pw_name
if owner != user:
return {'key': dir_name, 'content': '''WARNING: not opening directory {}, because '''
'''it is owned by {} instead of {}'''.format(dir_name, owner, user)}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment