commit
f12f9ae240
6 changed files with 7 additions and 7 deletions
|
@ -1360,8 +1360,8 @@ Details
|
||||||
the latest version of restic.
|
the latest version of restic.
|
||||||
|
|
||||||
Exploiting the vulnerability requires a Linux/Unix system which saves backups via restic and
|
Exploiting the vulnerability requires a Linux/Unix system which saves backups via restic and
|
||||||
a Windows systems which restores files from the repo. In addition, the attackers need to be able
|
a Windows systems which restores files from the repo. In addition, the attackers need to be
|
||||||
to create create files with arbitrary names which are then saved to the restic repo. For
|
able to create files with arbitrary names which are then saved to the restic repo. For
|
||||||
example, by creating a file named "..\test.txt" (which is a perfectly legal filename on Linux)
|
example, by creating a file named "..\test.txt" (which is a perfectly legal filename on Linux)
|
||||||
and restoring a snapshot containing this file on Windows, it would be written to the parent of
|
and restoring a snapshot containing this file on Windows, it would be written to the parent of
|
||||||
the target directory.
|
the target directory.
|
||||||
|
|
|
@ -7,7 +7,7 @@ vulnerability, but urge all users to upgrade to the latest version of restic.
|
||||||
|
|
||||||
Exploiting the vulnerability requires a Linux/Unix system which saves backups
|
Exploiting the vulnerability requires a Linux/Unix system which saves backups
|
||||||
via restic and a Windows systems which restores files from the repo. In
|
via restic and a Windows systems which restores files from the repo. In
|
||||||
addition, the attackers need to be able to create create files with arbitrary
|
addition, the attackers need to be able to create files with arbitrary
|
||||||
names which are then saved to the restic repo. For example, by creating a file
|
names which are then saved to the restic repo. For example, by creating a file
|
||||||
named "..\test.txt" (which is a perfectly legal filename on Linux) and
|
named "..\test.txt" (which is a perfectly legal filename on Linux) and
|
||||||
restoring a snapshot containing this file on Windows, it would be written to
|
restoring a snapshot containing this file on Windows, it would be written to
|
||||||
|
|
|
@ -131,7 +131,7 @@ func rejectIfPresent(excludeFileSpec string) (RejectByNameFunc, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// isExcludedByFile interprets filename as a path and returns true if that file
|
// isExcludedByFile interprets filename as a path and returns true if that file
|
||||||
// is in a excluded directory. A directory is identified as excluded if it contains a
|
// is in an excluded directory. A directory is identified as excluded if it contains a
|
||||||
// tagfile which bears the name specified in tagFilename and starts with
|
// tagfile which bears the name specified in tagFilename and starts with
|
||||||
// header. If rc is non-nil, it is used to expedite the evaluation of a
|
// header. If rc is non-nil, it is used to expedite the evaluation of a
|
||||||
// directory based on previous visits.
|
// directory based on previous visits.
|
||||||
|
|
|
@ -52,7 +52,7 @@ You can use the command ``restic ls latest`` or ``restic find foo`` to find the
|
||||||
path to the file within the snapshot. This path you can then pass to
|
path to the file within the snapshot. This path you can then pass to
|
||||||
``--include`` in verbatim to only restore the single file or directory.
|
``--include`` in verbatim to only restore the single file or directory.
|
||||||
|
|
||||||
There are case insensitive variants of of ``--exclude`` and ``--include`` called
|
There are case insensitive variants of ``--exclude`` and ``--include`` called
|
||||||
``--iexclude`` and ``--iinclude``. These options will behave the same way but
|
``--iexclude`` and ``--iinclude``. These options will behave the same way but
|
||||||
ignore the casing of paths.
|
ignore the casing of paths.
|
||||||
|
|
||||||
|
|
|
@ -181,7 +181,7 @@ func (arch *Archiver) saveTree(ctx context.Context, t *restic.Tree) (restic.ID,
|
||||||
return res.ID(), s, nil
|
return res.ID(), s, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// nodeFromFileInfo returns the restic node from a os.FileInfo.
|
// nodeFromFileInfo returns the restic node from an os.FileInfo.
|
||||||
func (arch *Archiver) nodeFromFileInfo(filename string, fi os.FileInfo) (*restic.Node, error) {
|
func (arch *Archiver) nodeFromFileInfo(filename string, fi os.FileInfo) (*restic.Node, error) {
|
||||||
node, err := restic.NodeFromFileInfo(filename, fi)
|
node, err := restic.NodeFromFileInfo(filename, fi)
|
||||||
if !arch.WithAtime {
|
if !arch.WithAtime {
|
||||||
|
|
|
@ -17,7 +17,7 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
// MockT passes through all logging functions from T, but catches Fail(),
|
// MockT passes through all logging functions from T, but catches Fail(),
|
||||||
// Error/f() and Fatal/f(). It is used to test test helper functions.
|
// Error/f() and Fatal/f(). It is used to test helper functions.
|
||||||
type MockT struct {
|
type MockT struct {
|
||||||
*testing.T
|
*testing.T
|
||||||
HasFailed bool
|
HasFailed bool
|
||||||
|
|
Loading…
Reference in a new issue