On Sun, 2023-06-04 at 13:31 -0400, Mike Gilbert wrote: > This allows users to maintain the saved config file in some other > location. >
If so, the symlink should point to a superuser-only location to avoid creating any new vulnerabilities. We can't fix the general problem, but we could at least mention in the docs that symlinks will (now) be followed and that users should be careful if they want to maintain the files elsewhere.