present
- Ben Goldberg <ben at benaaron.dev>
@ Fri, 16 Apr 2021 07:11 -0400
Reply to Frank Jüdes <Frank.Juedes at linux4specialists.com>
────────────────────────────────────────────────────────────────────────────────
> Known security issues
>
> Root escape - pre 0.4.0
> <https://sr.ht/~zethra/stargazer/#root-escape---pre-040>
>
> Stargazer would serve files from anywhere on the file system if a path
> starting with // was requested.

Yes, that is fixed in the current version! (maybe I should make that
more clear in the readme) An embarrassing bug, but better to be honest
about it.

stargazer is written in Rust and doesn't have any runtime
dependencies (including OpenSSL). If you're on Linux, you can grab a
binary from here[1] or compile it yourself. The provided binary is
compiled against musl so it *should* work regardless of distro. It
should also work on other OSs but I haven't done much testing. If you
run into any issues please send an email to the stargazer mailing list[2].

[1]: https://git.sr.ht/~zethra/stargazer/refs/download/0.4.0/stargazer-0.4.0-x86_64-linux-musl.tar.xz
[2]: https://lists.sr.ht/~zethra/stargazer
════════════════════════════════════════════════════════════════════════════════
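
The root escape quoted in the message above, as an added example that is not stargazer's code: the thread does not say how stargazer mapped request paths, so `resolve_naive` is a hypothetical illustration of one way a `//` request can leave the served root in Rust, and `resolve_safe` is one way to prevent it. The root `/srv/gemini` and the request paths are constructed samples.

```rust
use std::path::{Component, Path, PathBuf};

/// Hypothetical naive mapping: strip one leading '/' and join onto the root.
/// For "//etc/passwd" the remainder "/etc/passwd" is still absolute, and
/// Path::join with an absolute argument discards the base entirely.
fn resolve_naive(root: &Path, request_path: &str) -> PathBuf {
    let rel = request_path.strip_prefix('/').unwrap_or(request_path);
    root.join(rel)
}

/// Hardened mapping: rebuild the path from normal components only, so the
/// result always stays below `root`. Returns None for ".." or a drive prefix.
fn resolve_safe(root: &Path, request_path: &str) -> Option<PathBuf> {
    let mut out = root.to_path_buf();
    for comp in Path::new(request_path).components() {
        match comp {
            // A plain file or directory name: append it.
            Component::Normal(seg) => out.push(seg),
            // Leading "/", repeated "//" and "." carry no information: skip.
            Component::RootDir | Component::CurDir => {}
            // Anything that could climb out of the root is refused.
            Component::ParentDir | Component::Prefix(_) => return None,
        }
    }
    Some(out)
}

fn main() {
    let root = Path::new("/srv/gemini"); // constructed sample root
    for req in ["/index.gmi", "//etc/passwd", "/../etc/passwd"] {
        println!(
            "{:<16} naive={:?} safe={:?}",
            req,
            resolve_naive(root, req),
            resolve_safe(root, req)
        );
    }
}
```

`resolve_safe` works on the path string only and does not resolve symlinks; a server that follows symlinks would also need to canonicalize the result and check that it still starts with the root.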