From 501571c2d22bb1207ea5da3450a903434026256b Mon Sep 17 00:00:00 2001
From: Daniel <845765@qq.com>
Date: Wed, 18 Mar 2026 08:59:00 +0800
Subject: [PATCH] :lock:
 https://github.com/siyuan-note/siyuan/security/advisories/GHSA-vm69-h85x-8p85

Signed-off-by: Daniel <845765@qq.com>
---
 kernel/util/path.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/util/path.go b/kernel/util/path.go
index 100742cb4..11bbd9b58 100644
--- a/kernel/util/path.go
+++ b/kernel/util/path.go
@@ -402,6 +402,9 @@ func IsSensitivePath(p string) bool {
 		"/lib",
 		"/srv",
 		"/tmp",
+		"/usr",
+		"/opt",
+		"/sbin",
 	}
 	for _, pre := range prefixes {
 		if strings.HasPrefix(toCheckPathLower, pre) {