archive: add link breakout checks and tests by dmcgowan · Pull Request #1208 · containerd/containerd

dmcgowan · 2017-07-18T18:23:01Z

Ensure symlinks cannot be used to breakout of unpack directory. Evaluate absolute symlinks as scoped to unpack directory. Allow symlinks which point outside the root to be created. Scope all resolution of symlinks to the unpack directory.

Note: The tar writer could be generally useful and split out into a separate tar test or tar creation package. Also the rootPath method might be good as part of the continuity path driver since it is designed to act as a secure way to do chroot-like filepath.Join.

codecov-io · 2017-07-18T18:29:23Z

Codecov Report

Merging #1208 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #1208   +/-   ##
=======================================
  Coverage   28.09%   28.09%           
=======================================
  Files          28       28           
  Lines        2833     2833           
=======================================
  Hits          796      796           
  Misses       1888     1888           
  Partials      149      149

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 805654a...6079245. Read the comment docs.

stevvooe · 2017-07-18T18:59:38Z

I assumed he meant bounding as in a bounding box that won't allow links outside of root

Probably, bounding, as we are adding a limitation, rather than associating to context.

stevvooe · 2017-07-18T19:03:06Z

Is this a mkdirall?

stevvooe · 2017-07-18T19:08:19Z

Perhaps, this argument order needs to be reversed, as this is operating as a join.

stevvooe · 2017-07-18T19:08:58Z

root, path here, as well.

Ensure symlinks cannot be used to breakout of unpack directory. Evaluate absolute symlinks as scoped to unpack directory. Allow symlinks which point outside the root to be created. Scope all resolution of symlinks to the unpack directory. Signed-off-by: Derek McGowan <[email protected]>

dmcgowan · 2017-07-18T21:45:56Z

Updated

stevvooe · 2017-07-18T22:02:10Z

LGTM

Replace cases where a tar specified name is joined to a directory with root path to bound name to path. Signed-off-by: Derek McGowan <[email protected]>

stevvooe · 2017-07-19T01:31:58Z

@tonistiigi PTAL

tonistiigi · 2017-07-19T01:55:09Z

+			}
+			return walkLinks(root, dir[:len(dir)-1], linksWalked)
+		}
+		newpath, _, err := walkLink(root, dir, linksWalked)


how is this case reached?

I am not entirely sure how to reach this case, I was matching the cases in EvalSymlinks, it doesn't seem possible though as I would think the previous case would catch this. It does seem appropriate to handle it the same as dir == "" though rather than panic.

tonistiigi · 2017-07-19T04:21:56Z

LGTM

estesp

LGTM

dmcgowan changed the title ~~Add link breakout checks and tests~~ archive: add link breakout checks and tests Jul 18, 2017

stevvooe reviewed Jul 18, 2017

View reviewed changes

Comment thread archive/path.go Outdated

Copy link
Copy Markdown

Member

stevvooe Jul 18, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

root, path here, as well.

dmcgowan force-pushed the tar-test branch from 155fe6d to 4a3f98c Compare July 18, 2017 19:16

stevvooe added this to the containerd alpha1 milestone Jul 19, 2017

Replace uses of filepath.Join in Apply

6079245

Replace cases where a tar specified name is joined to a directory with root path to bound name to path. Signed-off-by: Derek McGowan <[email protected]>

dmcgowan mentioned this pull request Jul 19, 2017

Use forked archive/tar package for go 1.8 regression #1210

Merged

tonistiigi reviewed Jul 19, 2017

View reviewed changes

estesp approved these changes Jul 19, 2017

View reviewed changes

estesp merged commit 0600753 into containerd:master Jul 19, 2017

dmcgowan deleted the tar-test branch September 10, 2019 17:44

Conversation

dmcgowan commented Jul 18, 2017

Uh oh!

codecov-io commented Jul 18, 2017 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

dmcgowan commented Jul 18, 2017

Uh oh!

stevvooe commented Jul 18, 2017

Uh oh!

stevvooe commented Jul 19, 2017

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

tonistiigi commented Jul 19, 2017

Uh oh!

estesp left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

codecov-io commented Jul 18, 2017 •

edited

Loading