When rndc-confgen -a (re)created the rndc control key, it followed a
symbolic link if one happened to exist at the keyfile path: the
existence check looked through the link, then the file was truncated,
its ownership changed, and the key contents written into whatever file
the link pointed at. rndc-confgen now refuses to follow symbolic links
at the keyfile path and fails with an error instead, so the wrong file
can no longer be overwritten by accident.
Merge branch '5901-rndc-confgen-symlink-attack' into 'main'
See merge request isc-projects/bind9!11902
projects / thirdparty / bind9.git / commitdiff
