[Unison-hackers] Multi-user, single UID ideas for Unison

Greg Troxel gdt at lexort.com
Thu Dec 14 12:22:40 EST 2023


Tõivo Leedjärv <toivol at gmail.com> writes:

> Instead of looking at this as some security feature, I see this
> feature as more akin to don't-cross-filesystems option found in many
> programs. This is similar, but here it's more like a pseudo-chroot.
> There is actually prior art to what I think is pretty much exactly
> this feature: https://borgbackup.readthedocs.io/en/stable/usage/serve.html
>
> nikp, do I understand correctly that all you need is basically this?
>
>  - force the replica root to be the (or within the) specified directory;
>  - not allow symlinks outside the replica root.
>
> Is this going to benefit other users? Not sure...

I don't see why the first point is needed as whatever is wrapping
unison can specify roots.   The idea of letting unison read config files
while caring about security (beyond the protections afforded by unix
norms) doesn't really make sense to me.

Ignoring symlinks outside the root makes sense to me.  Actually, I'd
expect syncing the symlinks and not following them to be what happens
anyway.
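
As an added illustration (not part of this message and not Unison's code), the Python sketch below shows one way a wrapper could flag symlinks whose resolved target leaves the replica root, without following any link during the walk. The function names and the sample tree are constructed for the example.

```python
import os
import tempfile


def classify_symlinks(root):
    """Map each symlink under root (relative path) to 'inside' or 'outside'.

    The walk never descends through symlinks; targets are resolved only to
    decide whether they stay within the replica root.
    """
    root_real = os.path.realpath(root)
    result = {}
    for dirpath, dirnames, filenames in os.walk(root_real, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            # realpath collapses "..", relative targets and chained links.
            target = os.path.realpath(path)
            # Compare path components, not string prefixes, so a sibling
            # such as "replica-other" is not mistaken for "replica".
            inside = os.path.commonpath([root_real, target]) == root_real
            rel = os.path.relpath(path, root_real)
            result[rel] = "inside" if inside else "outside"
    return result


def build_sample(base):
    """Create a constructed replica tree with three symlinks; return its root."""
    root = os.path.join(base, "replica")
    os.makedirs(os.path.join(root, "docs"))
    os.makedirs(os.path.join(base, "replica-other"))
    with open(os.path.join(root, "docs", "a.txt"), "w") as fh:
        fh.write("sample\n")
    # Relative link that stays inside the root.
    os.symlink("a.txt", os.path.join(root, "docs", "rel_inside"))
    # Relative link that climbs out to a sibling with a similar name.
    os.symlink("../../replica-other", os.path.join(root, "docs", "sibling"))
    # Absolute link pointing outside the root.
    os.symlink("/etc/passwd", os.path.join(root, "abs_outside"))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for rel, verdict in sorted(classify_symlinks(build_sample(base)).items()):
            print(f"{verdict:8} {rel}")
```

The verdict is a point-in-time check: a link can be retargeted after it is classified, so a tool enforcing this would need to re-check at the moment it acts on the path.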

