Oh look, path traversal meets vibe coding
-
RE: https://cyberplace.social/@GossiTheDog/116080909947754833
Oh look, path traversal meets vibe coding.
Everyone should know that path traversal is like the easiest thing to get right. It's famously trivial. Not like we've been plagued by security issues. Imagine if Linux had symlinks or heaven forbid magic links. Oh well.
-
@brauner what is the colloquially correct way? I have one but would love to hear from others that have done this before.
@dascandy There's #systemd's chase()/chaseat() [1] and @cyphar's #libpathrs [2]. Both are pretty good and cover a lot of edge cases.
[1]: https://github.com/systemd/systemd/blob/main/src/basic/chase.c
[2]: https://github.com/cyphar/libpathrs/?tab=readme-ov-file
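
The following is an added example, not from the thread and not taken from systemd or libpathrs: a C function that opens a path beneath a directory fd one component at a time, refusing absolute paths, `..` and any symlink. The names `open_beneath` and `demo`, the refuse-all-symlinks policy and the temp-dir test tree are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `path` beneath `rootfd`, one component at a time. Strict policy: absolute
 * paths, ".." and symlinks are all refused. `flags` must not contain O_CREAT. */
int open_beneath(int rootfd, const char *path, int flags)
{
    if (path[0] == '/') { errno = EXDEV; return -1; }
    char *copy = strdup(path), *save = NULL;
    if (!copy) return -1;
    int cur = dup(rootfd), fd = -1;
    char *comp = strtok_r(copy, "/", &save);
    if (!comp) errno = ENOENT;                 /* empty path */
    while (cur >= 0 && comp) {
        char *next = strtok_r(NULL, "/", &save);
        if (strcmp(comp, "..") == 0) { errno = EXDEV; break; }
        /* Non-final components must be directories; O_NOFOLLOW refuses symlinks. */
        int f = next ? (O_RDONLY | O_DIRECTORY) : flags;
        int nfd = openat(cur, comp, f | O_NOFOLLOW | O_CLOEXEC);
        if (nfd < 0 || !next) { fd = nfd; break; }
        close(cur); cur = nfd; comp = next;
    }
    int saved = errno;
    if (cur >= 0) close(cur);
    free(copy); errno = saved;
    return fd;
}
/* Constructed test tree in a temp dir; returns a bitmask of lookups that opened. */
int demo(void)
{
    char tmpl[] = "/tmp/beneathXXXXXX";
    int root = mkdtemp(tmpl) ? open(tmpl, O_RDONLY | O_DIRECTORY) : -1, mask = 0;
    mkdirat(root, "data", 0700);
    close(openat(root, "data/ok.txt", O_CREAT | O_WRONLY, 0600));
    symlinkat("/etc", root, "escape");         /* symlink pointing outside */
    symlinkat("data/ok.txt", root, "link");    /* symlink pointing inside */
    const char *cases[] = { "data/ok.txt", "../etc/passwd", "escape/passwd",
                            "/etc/passwd", "link", "data/../data/ok.txt" };
    for (int i = 0; i < 6; i++) {
        int fd = open_beneath(root, cases[i], O_RDONLY);
        if (fd >= 0) { mask |= 1 << i; close(fd); }
    }
    close(root); return mask;
}
int main(void) { return demo() == 1 ? 0 : 1; }
```

On Linux 5.6 and later, openat2(2) with RESOLVE_BENEATH enforces a comparable rule in the kernel while still allowing symlinks that stay inside the root.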