projects / git-annex.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9d6c052) | patch
compute: disallow output files that are not regular files
authorJoey Hess <joeyh@joeyh.name>
Mon, 10 Mar 2025 16:52:10 +0000 (12:52 -0400)
committerJoey Hess <joeyh@joeyh.name>
Mon, 10 Mar 2025 16:55:03 +0000 (12:55 -0400)
commit9d9e34c1874b1513afe88dd22f6dd25fc3fd6a86
treecf0d754de509e5334c0ee2be4c783a4c766c7003tree | snapshot
parent9d6c052c2768c20ad45a13b237119bb8a35137f0commit | diff
compute: disallow output files that are not regular files

Use case where this came up is a compute program using singularity,
where the process inside the container will be allowed to write to the temp
directory, so could make eg a /etc/shadow symlink, which could then be
used to exfiltrate that from the system to wherever the annex object
might be pushed to.

It seemed better to fix this once in git-annex rather than in any such
compute program.
Remote/Compute.hs diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.