From 15639f5b1aa607ccb4fec1a41643a3b916e0e44a Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Thu, 29 Jun 2017 10:48:35 +0200
Subject: webserver: refuse to follow symlink when serving ACME challenge
 responses.

---
 Changelog | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'Changelog')

diff --git a/Changelog b/Changelog
index 59d5153..9b13c44 100644
--- a/Changelog
+++ b/Changelog
@@ -4,7 +4,7 @@ lacme (0.3) upstream;
     lacme-certs.conf.d"), import the default section of files read earlier.
   + new-cert: create certificate files atomically.
   + webserver: allow listening to multiple addresses (useful when
-    dual-stack IPv4/IPv6 is not supported).  Listen to a UNIX-domain
+    dual IPv4/IPv6 stack is not supported).  Listen to a UNIX-domain
     socket by default </var/run/lacme.socket>.
   + webserver: don't install temporary iptables by default.  Hosts
     without a public HTTP daemon listening on port 80 need to set the
@@ -21,6 +21,11 @@ lacme (0.3) upstream;
   - new-cert: mark the basicConstraints (CA:FALSE) and keyUsage x509v3
     extensions as critical in the CSR, following upstream fix of
     Boulder's issue #565.
+  - webserver: refuse to follow symlink when serving ACME challenge
+    responses.  When dropping privileges to a dedicated UID
+    (recommended) only the ACME client could write to its current
+    directory anyway, so following symlinks was not a serious
+    vulnerability.
 
  -- Guilhem Moulin <guilhem@guilhem.org>  Sun, 19 Feb 2017 13:08:41 +0100
 
-- 
cgit v1.2.3