diff --git a/doc/bugs/git-annex-import_imports_outside_of_directory.mdwn b/doc/bugs/git-annex-import_imports_outside_of_directory.mdwn index d2d18493ae..7a6d18da8e 100644 --- a/doc/bugs/git-annex-import_imports_outside_of_directory.mdwn +++ b/doc/bugs/git-annex-import_imports_outside_of_directory.mdwn @@ -25,3 +25,5 @@ Linux ctchpcpx163.merck.com 3.10.0-1160.6.1.el7.x86_64 #1 SMP Tue Nov 17 13:59:1 ### Have you had any luck using git-annex before? (Sometimes we get tired of reading bug reports all day and a lil' positive end note does wonders) That I use it enough to run into corner-case issues shows its continued usefulness :) + +[[!meta title="git-annex import follows symlinks"]] diff --git a/doc/bugs/git-annex-import_imports_outside_of_directory/comment_1_376302b0bac94ee81c0dfdcb647f3b3b._comment b/doc/bugs/git-annex-import_imports_outside_of_directory/comment_1_376302b0bac94ee81c0dfdcb647f3b3b._comment new file mode 100644 index 0000000000..56f6972056 --- /dev/null +++ b/doc/bugs/git-annex-import_imports_outside_of_directory/comment_1_376302b0bac94ee81c0dfdcb647f3b3b._comment 
@@ -0,0 +1,25 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 1""" + date="2022-05-03T16:15:38Z" + content=""" +`git-annex import $dir` also follows symlinks inside $dir. +So importing has been behaving this way since long before the directory +special remote supported importtree. + +This is not a security hole, because if an attacker wants to make you +import `/foo` when importing `/bar`, and they have write access to bar, +they are not limited to making a `/bar/foo -> /foo` symlink. They can just +`cp -a /foo /bar` instead. + +I don't really think it would make much sense for any import to import +symlinks as symlinks. If the symlink points outside the imported directory, +that would result in a symlink that points outside the git repository, +which is not something one often wants to check into a git repository. + +I don't know if I would really consider this a bug either. It at least +seems plausible that there might be users who import from `~/disk` +which is a symlink to `/media/somethinglong`, and rely on it following +the symlink. I often make symlink aliases for mount points like that, +though I have not imported from them. +"""]]
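Review bot: In the second paragraph of the new comment_1 file, the "not a security hole" reasoning only covers a party who can read `/foo` themselves, because it rests on "They can just `cp -a /foo /bar` instead." Please state that assumption in the comment. It should also say whether the conclusion still holds when the user running the import can read the symlink target but the party with write access to `/bar` cannot. In that case the `cp -a` alternative is not available to them, and the `/bar/foo -> /foo` symlink is the only way the content ends up imported. The last paragraph treats following symlinks as something users may rely on, so it would also be worth stating this in the `git-annex import` documentation rather than leaving it recorded only in this bug thread.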