• Mike Hibler's avatar
    Change of strategy: don't pass realpath-ed path to client side. · 67039354
    Mike Hibler authored
    We still use realpath to validate the path up front, but we pass the
    original (DB) path on to the client-side. Passing the resolved path was
    wrong anyway for clients that write images across NFS, because the path
    the client uses could be different than that computed on the server
    (e.g., /proj/foo vs. /.amd_mnt/ops/proj/foo) due to the way mounts are
    done. Note that the server will again validate the client-provided path,
    so if someone were to mess with a symlink in the path between when
    create_image verifies it and when it gets used, there is still no danger.
    This will probably eliminate the need for the AMD hack, but I'll leave
    it just to be safe.
create_image.in 40.4 KB