Opened 14 years ago

Closed 14 years ago

#2228 closed task (invalid)

Don't delete symlinks in the recordings directory that point to files in other trees.

Reported by: cpinkham Owned by: cpinkham
Priority: minor Milestone: 0.21
Component: mythtv Version: head
Severity: medium Keywords:
Cc: Ticket locked: no

Description (last modified by cpinkham)

This is a security enhancement task for implementation after 0.20 is released.

We do not want to allow Myth to delete a symlink under the recordings directory or the file the link points to if the actual path to the file is not somewhere under the actual recordings directory.

After this task is completed, in order to have recordings stored in multiple directories and/or filesystems, you will need to mount those directories somewhere under the main recording directory. This can be done by mounting the whole secondary filesystem under the main recording directory or by using a bind mount to mount the secondary recordings directory under the main recording directory. See the "mount" manpage for information on bind mounting a directory in another location. You will also have to recreate any existing links since the location of the actual files will change.

Again, this is a post-0.20 task, so the changes will be put into place in SVN sometime after 0.20 is released.

Change History (2)

comment:1 Changed 14 years ago by cpinkham

Description: modified (diff)
Status: newassigned

comment:2 Changed 14 years ago by cpinkham

Resolution: invalid
Status: assignedclosed

Closing this for now. The description didn't accurately reflect what we decided on in IRC and restricting links to point to locations below the recording dir still doesn't solve the security issue if you're running your backend as root and have the recordings directory writeable by others. If a better solution is determined, I may reopen the ticket or just code the change without a task.

Note: See TracTickets for help on using tickets.