The vulnerability is solved pretty easily by doing your ownership checks _after_... | Hacker News

Hacker Timesnew | past | comments | ask | show | jobs | submit

		jetpks on May 28, 2019 \| parent \| context \| favorite \| on: Docker is vulnerable to a symlink-race attack The vulnerability is solved pretty easily by doing your ownership checks _after_ you've opened (but not served) the file. At least, that's how I did it [1]. Despite our pleas and submitted patches, Apache wasn't interested in fixing it upstream. [1] https://github.com/bluehost/apache-symlink-patch

cyphar on May 28, 2019 [–]

Small correction -- you'd want to O_PATH, then verify, and then do a real open (by doing a re-open through /proc/self/fd). Sometimes, tricking you into opening a file is sufficient to cause problems.

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact