mirror of
https://github.com/rclone/rclone.git
synced 2026-07-16 02:32:14 -04:00
With -l/--links rclone recreates a .rclonelink object as a symlink. A malicious or compromised source could serve a symlink whose target points outside the destination, plus a sibling object whose path traverses it, so that rclone followed the planted symlink and wrote outside the destination causing arbitrary file write. When translating symlinks, rclone now performs all destination writes (directory creation, file writes and symlink creation) through an os.Root anchored at the destination. os.Root resolves every path component relative to the destination's file descriptor and refuses any that escapes the root, even under concurrent modification, so a planted symlink can never be traversed out of the destination. Symlinks are still reproduced verbatim - including ones whose target points outside the destination - so backups remain faithful. Only writing *through* such a link is refused. In-tree symlinks are unaffected. Fixes CVE-2026-54572 Fixes GHSA-cf44-9pgv-m4xc