
not following symlinks about ifm HOT 11 CLOSED

misterunknown commented on May 13, 2024
not following symlinks

from ifm.

Comments (11)

misterunknown commented on May 13, 2024

Hi,

the IFM was intentionally designed to operate only in the directory where it is located (including subdirectories) for security reasons. In the meantime I have softened this policy by adding a config option ("root_dir") where you can define a custom root dir. When you try to follow a symlink, the IFM checks if the link target lies under the root_dir. If not, you cannot follow the symlink.

I could add a config flag which allows turning the security checks off completely, if that helps. Then symlinks should work correctly. I'll add this to my todo list ;)

Cheers,
Marco


joshp23 commented on May 13, 2024

Nifty. A bit nervous when hearing, "turn off all security"... is it an all or nothing gig, or would it be easy enough to allow symlink follows? I could also just clean up my fs...


misterunknown commented on May 13, 2024

Well, "turn off security checks" sounds more dangerous than it really is. The only "security check" is that the script restricts any operation above the configured $root_dir. Turning this off just means that you can do everything that the PHP user is allowed to do (according to unix permissions and the php config).

But I guess cleaning your fs isn't a bad idea either 😉


misterunknown commented on May 13, 2024

I just thought a bit more about this. Adding a switch to disable the directory checks would be a big break in paradigm, so I'm a bit doubtful. Following symlinks pointing to a directory within the $root_dir should work. If you want to access a directory outside the $root_dir, I suggest not using a symlink, but a bind-mount:

# instead of
ln -s /your/path linkname
# just use
mkdir linkname
mount -o bind /your/path linkname

I just tested this and it works fine with the current version. I'll close this issue, but if you have any notes, please let me know!


joshp23 commented on May 13, 2024

Hm, not sure what you mean by paradigm shift. I don't see it being such a deep change?

I do a lot with symlinks in terms of organizing my fs and partitions into a sensible structure which is easily manageable. For instance, I have all of my backup data in /mnt/backups which has the folders local and remote, each with their own structure for various uses. It becomes desirable to link to either local or remote in different locations, such as /home/USER/Backup for the local stuff, or /opt/project/data/backup where I may want to drop ifm in at /opt/project and be able to easily access the backup data. In a situation like this symlinks are the superior option because they are easily executed with a single, quick command which is accessible via right click as well. Given the triviality of creation and deletion, they present a flexible solution to my storage and organization problems that mount -o bind doesn't meet, especially when working with different projects that may not have a very long shelf life.

Another use case is for my own simple remote access to stored files. I like to drop something like ifm into /home/USER/Public and just quick link folders and large files that I need to access on the fly. This is, frankly, the single most indispensable case that I use. I was relying on Encode Explorer for this, but your script is truly improved over something like that in several ways, notably, folder and multi-select, zip, and the permission changing tools that are included.

Regardless, I like that mount -o bind can be set to read only for the view it provides.


misterunknown commented on May 13, 2024

I don't see it being such a deep change?

Well, I use realpath() for checking if the target directory lies within $root_dir or deeper. Unfortunately realpath() resolves symlinks. I could disable this check, but then anyone could walk through the filesystem (or at least those parts which are accessible to the PHP user), by moving to e.g. "../../../../etc". As realpath() is the safest method to prevent this, I don't really want to disable that. I just checked if there is an alternative to realpath() which leaves symlinks unresolved, but didn't find anything helpful. Let me know if you can think of another solution!


joshp23 commented on May 13, 2024

That makes sense. I will give it some time on the drawing board, maybe alongside the auth script I suddenly want to write :)


misterunknown commented on May 13, 2024

Let me know if you find a nice solution. I'll close this for now.


joshp23 commented on May 13, 2024

What about stripping path traversal characters from the request with something like this:

$_SERVER['REQUEST_URI'] = preg_replace('/^((\.*)(\/*))*/', '', $_SERVER['REQUEST_URI']);


joshp23 commented on May 13, 2024

There are a few solutions from here and plenty here for normalizing a path to prevent traversal. Passing a requested file path through a function such as one of these would allow for symlinks, and could merely return an error in the event that the file does not exist.

Thoughts?

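The two approaches debated in this thread, written out side by side as an added example (my code, not ifm's): the realpath()-based check, which resolves symlinks and therefore rejects a link whose target lies outside the root, and a purely lexical normalisation in the spirit of the suggestion above, which leaves symlinks unresolved but still refuses any ".." that would climb above the root. The function names and sample paths are constructed for this illustration; the lexical variant's trade-off is that a symlink inside the root may still point anywhere the PHP user can read.

```php
<?php
// Approach 1 (what the thread describes ifm doing): realpath() resolves
// symlinks, so a link leading outside $rootDir fails the prefix check.
function isInsideRootReal(string $rootDir, string $userPath): bool
{
    if (strpos($userPath, "\0") !== false) {
        return false;                         // NUL bytes are never valid in a path
    }
    $root   = realpath($rootDir);
    $target = realpath($rootDir . '/' . $userPath);
    if ($root === false || $target === false) {
        return false;                         // nonexistent target: deny
    }
    // rtrim() keeps this correct when the root itself is "/"
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return $target === $root || strncmp($target, $prefix, strlen($prefix)) === 0;
}

// Approach 2 (lexical normalisation, as suggested in the thread): collapse
// "." and ".." without touching the filesystem, so symlinks under the root
// remain usable. A ".." that would leave the root is rejected, not clamped.
// Returns the cleaned relative path, or null if the input must be refused.
function normalizeUnderRoot(string $userPath): ?string
{
    if (strpos($userPath, "\0") !== false) {
        return null;
    }
    $parts = [];
    foreach (explode('/', str_replace('\\', '/', $userPath)) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;                         // empty or current-dir segment
        }
        if ($seg === '..') {
            if ($parts === []) {
                return null;                  // traversal above the root
            }
            array_pop($parts);
            continue;
        }
        $parts[] = $seg;
    }
    return implode('/', $parts);              // '' denotes the root itself
}

// Constructed sample requests, not taken from the issue.
foreach (['docs/./img/../readme.txt', '../../../../etc', 'backup/file'] as $p) {
    $n = normalizeUnderRoot($p);
    echo $p, ' => ', $n === null ? 'rejected' : "accepted as '$n'", PHP_EOL;
}
```

After lexical normalisation the caller still has to build `$rootDir . '/' . $n` and test that it exists (file_exists() or is_readable()) before serving it, which is where the "return an error if the file does not exist" step from the suggestion fits.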

misterunknown commented on May 13, 2024

Hi,

sorry for the late reply. I'll take a look at the code again and check if this would be a sufficient solution ;) I hope to find time this week, but can't promise...

Cheers,
Marco
