From b4ca919d02037dbd21716c3ce5e89f908538761a Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Sun, 17 Feb 2019 05:17:52 +0100 Subject: [PATCH] add O_NOFOLLOW to base flags, see #908 scenario: - x is a regular file - borg does stat on x: is a regular file - so borg dispatches to process_file - attack: x gets replaced by a symlink (mv symlink x) - in process_file, borg opens x and must not follow the symlink nor continue processing as a normal file, but rather error in open() due to NOFOLLOW. --- src/borg/helpers/fs.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/borg/helpers/fs.py b/src/borg/helpers/fs.py index 24c525d25..1f39d58df 100644 --- a/src/borg/helpers/fs.py +++ b/src/borg/helpers/fs.py @@ -202,7 +202,7 @@ def O_(*flags): return result -flags_base = O_('BINARY', 'NONBLOCK', 'NOCTTY') # later: add 'NOFOLLOW' +flags_base = O_('BINARY', 'NONBLOCK', 'NOCTTY', 'NOFOLLOW') flags_normal = flags_base | O_('RDONLY') flags_noatime = flags_normal | O_('NOATIME') flags_root = O_('RDONLY')