Closed kalkin closed 8 years ago
Ty for the fix! Let me discuss this with a security-minded friend who pairs with me on Xiki. I think following symlinks can sometimes open you up to security issues.
@trogdoro Or you could just read the comments and follow the SO link provided. The code basically resolves the link until it's not a symlink. Perhaps I'm not security minded enough, but I do not see a way to exploit it.
The current xsh shell script can not resolve the $xiki_dir if symlinked, i.e. to ~/bin.
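
The loop described in this thread (resolve the link until the path is no longer a symlink), written out as an added example; it is not the code from the pull request. The function name `resolve_script_dir` and the 40-hop limit are assumptions, and `readlink` is assumed to be available on the system.

```shell
# Added example: find the real directory of a script that may be reached
# through a chain of symlinks (for instance a link placed in ~/bin).
# resolve_script_dir is a hypothetical helper name, not taken from xsh.
resolve_script_dir() {
    src=$1
    hops=0
    while [ -L "$src" ]; do
        # Bound the walk so a symlink cycle cannot hang the launcher.
        hops=$((hops + 1))
        if [ "$hops" -gt 40 ]; then
            echo "resolve_script_dir: too many symlink hops: $1" >&2
            return 1
        fi
        # Physical directory that holds the link itself.
        dir=$(cd -P "$(dirname -- "$src")" && pwd -P) || return 1
        target=$(readlink -- "$src") || return 1
        case $target in
            /*) src=$target ;;        # absolute target: use it as is
            *)  src=$dir/$target ;;   # relative target: relative to the link's directory
        esac
    done
    # src is now a regular path; print its physical directory.
    (cd -P "$(dirname -- "$src")" && pwd -P)
}

# Usage in a launcher script (assumed layout):
#   script_dir=$(resolve_script_dir "$0") || exit 1
```

The printed directory is where the launcher will load its files from, so it is the path whose ownership and write permissions matter, not the location of the link.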