markfasheh / duperemove

Tools for deduping file systems
GNU General Public License v2.0

lstat() should be used instead of stat() to prevent unwanted symlink traversal #202

Closed charles-dyfis-net closed 4 years ago

charles-dyfis-net commented 6 years ago

Consider the following, seen with duperemove v0.11:

$ find /data/build/builds/consul/src/consul-0.9.0 -type l -ls
1892204050    0 lrwxrwxrwx   1 build build       42 Jul 20  2017 /data/build/builds/consul/src/consul-0.9.0/.gopath/src/github.com/hashicorp/consul -> /data/build/builds/consul/src/consul-0.9.0
382153890    0 lrwxrwxrwx   1 build build       42 Jul 20  2017 /data/build/builds/consul/src/consul-0.9.0/consul-0.9.0 -> /data/build/builds/consul/src/consul-0.9.0
$ duperemove -r /data/build/builds/consul/src/consul-0.9.0
Using 128K blocks
Using hash: murmur3
Gathering file list...
Error 40: Too many levels of symbolic links while getting path to file /data/build/builds/consul/src/consul-0.9.0/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul. Skipping.
Error 40: Too many levels of symbolic links while getting path to file /data/build/builds/consul/src/consul-0.9.0/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/consul-0.9.0. Skipping.
Error 40: Too many levels of symbolic links while getting path to file /data/build/builds/consul/src/consul-0.9.0/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/consul-0.9.0/.gopath/src/github.com/hashicorp/consul. Skipping.
Error 40: Too many levels of symbolic links while getting path to file /data/build/builds/consul/src/consul-0.9.0/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/.gopath/src/github.com/hashicorp/consul/consul-0.9.0/consul-0.9.0. Skipping.
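
An added example, not part of the original issue or of duperemove's code: a minimal recursive file walker showing why a stat()-based scan recurses through a self-referencing symlink until the kernel returns ELOOP (the "Error 40" above), while an lstat()-based scan stops at the link. The temporary tree it builds (one file plus a link named self pointing at its own parent) and the names walk, demo and eloop_hits are constructed for illustration.

```c
#include <dirent.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static int eloop_hits; /* ELOOP ("Error 40") failures seen in the last walk */
/* Count regular files under path. follow=1 calls stat() (the reported
 * behaviour); follow=0 calls lstat() and never descends through a symlink. */
static long walk(const char *path, int follow) {
    struct stat st;
    char child[4096];
    long n = 0;
    int rc = follow ? stat(path, &st) : lstat(path, &st);
    if (rc != 0) { eloop_hits += (errno == ELOOP); return 0; }
    if (S_ISREG(st.st_mode)) return 1;
    DIR *d = S_ISDIR(st.st_mode) ? opendir(path) : NULL;
    if (!d) return 0; /* not a directory: with lstat() a symlink ends here */
    for (struct dirent *e; (e = readdir(d)) != NULL; ) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        if (snprintf(child, sizeof child, "%s/%s", path, e->d_name) < (int)sizeof child)
            n += walk(child, follow);
    }
    closedir(d);
    return n;
}

/* Constructed input: <tmp>/data.txt and <tmp>/self -> <tmp>; -1 on setup error. */
static long demo(int follow) {
    char dir[] = "/tmp/lstat-demo-XXXXXX", file[64], lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(file, sizeof file, "%s/data.txt", dir);
    snprintf(lnk, sizeof lnk, "%s/self", dir);
    FILE *f = fopen(file, "w");
    if (f) fclose(f);
    eloop_hits = 0;
    long n = (f && symlink(dir, lnk) == 0) ? walk(dir, follow) : -1;
    unlink(lnk); unlink(file); rmdir(dir);
    return n;
}

int main(void) {
    long a = demo(0);
    printf("lstat(): %ld file(s), %d ELOOP\n", a, eloop_hits);
    long b = demo(1);
    printf("stat():  %ld file(s), %d ELOOP\n", b, eloop_hits);
    return 0;
}
```

With a single loop the stat() walk re-counts the same file once per nesting level before the kernel gives up; with two loops in the same directory, as in the report, the number of paths visited doubles at every level.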

markfasheh commented 6 years ago

Thanks, let's try this out for now.

lorddoskias commented 4 years ago

This should be fixed in master, please retest and create a new issue if it still doesn't work for you.