mirror of
https://github.com/octoleo/restic.git
synced 2024-12-12 14:17:57 +00:00
19 lines
972 B
Plaintext
19 lines
972 B
Plaintext
|
Security: Prevent writing outside the target directory during restore
|
||
|
|
||
|
A vulnerability was found in the restic restorer, which allowed attackers in
|
||
|
special circumstances to restore files to a location outside of the target
|
||
|
directory. Due to the circumstances we estimate this to be a low-risk
|
||
|
vulnerability, but urge all users to upgrade to the latest version of restic.
|
||
|
|
||
|
Exploiting the vulnerability requires a Linux/Unix system which saves backups
|
||
|
via restic and a Windows systems which restores files from the repo. In
|
||
|
addition, the attackers need to be able to create create files with arbitrary
|
||
|
names which are then saved to the restic repo. For example, by creating a file
|
||
|
named "..\test.txt" (which is a perfectly legal filename on Linux) and
|
||
|
restoring a snapshot containing this file on Windows, it would be written to
|
||
|
the parent of the target directory.
|
||
|
|
||
|
We'd like to thank Tyler Spivey for reporting this responsibly!
|
||
|
|
||
|
https://github.com/restic/restic/pull/1445
|