πΎ Archived View for gem.benscraft.info βΊ mailing-list βΊ messages βΊ 246 captured on 2021-12-05 at 23:47:19. Gemini links have been rewritten to link to archived content
β¬ οΈ Previous capture (2021-12-03)
-=-=-=-=-=-=-
present
- Ben Goldberg <ben at benaaron.dev>
@ Fri, 16 Apr 2021 07:11 -0400
Reply to Frank JΓΌdes <Frank.Juedes at linux4specialists.com>
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
> Know security issues
>
>
> #
> <https://sr.ht/~zethra/stargazer/#root-escape---pre-040>Root
> escape - pre 0.4.0
>
> Stargazer would serve files from anywhere on the file system if a path
> starting withΒ //Β was requested.
Yes, that is fixed in the current version! (maybe I should make that
more clear in the readme) An embarrassing bug, but better to be honest
about it.
stargazer is written in Rust and doesn't have any runtime
dependencies(including OpenSSL). If you're on Linux, you can grab a
binary from here[1] or compile it yourself. The provided binary is
compiled against musl so it *should* work regardless of distro. It
should also work on other OSs but I haven't done much testing. If you
run into any issues please send an email to the stargazer mailing list[2].
[1]:
https://git.sr.ht/~zethra/stargazer/refs/download/0.4.0/stargazer-0.4.0-x86_64-linux-musl.tar.xz
[2]: https://lists.sr.ht/~zethra/stargazer
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ