Avoid symlink attack when writing amnesia owned file as root (!1038) · Merge requests · tails / tails

segfault requested to merge 19424-avoid-symlink-attack into stable Feb 09, 2023

Dennis Brinkrolf reported a symlink attack that leads to privilege escalation via Dotfiles, sudo, and gnome-shell-save-environment.

We are reusing the nosymfollow mountpoint created by tps here to mitigate symlink attacks.

Closes #19424

TODO:

Edited Feb 13, 2023 by intrigeri

Avoid symlink attack when writing amnesia owned file as root