Closed slime73 closed 12 years ago
slime73
commented
12 years ago Original comment by Matthias Richter (Bitbucket: vrld, GitHub: vrld).
Yes, it is. To quote from the physfs documentation[1]:
"[...] the link could take you outside the write and search paths, and compromise security."
[1] http://icculus.org/physfs/docs/html/physfs_8h.html#aad451d9b3f46f627a1be8caee2eef9b7
slime73
commented
12 years ago Original comment by Anders Ruud (Bitbucket: rude, GitHub: rude).
Whoops, unintentionally changed issue status.
compromise security
Never mind that you can already execute completely arbitrary code through other means.
But yeah, it would be a step in the wrong direction to do this universally, I think. We could allow it for merged binaries, though.
I used to (and still do) symlink Diablo II save files to Dropbox, for permanent backup. That's actually kind of convenient.
Original report by Stevie Hryciw (Bitbucket: hryx, GitHub: hryx).
I was creating a tool in LOVE which was supposed to follow a symbolic link to a directory outside of the source directory, but it turns out love.filesystem.enumerate/isFile/isDirectory do not recognize links at all.
Is this by design?