Skip to content

Cherry-pick batch: security FS write hardening#1588

Merged
alexey-pelykh merged 15 commits intomainfrom
staging/cherry-pick-732
Mar 17, 2026
Merged

Cherry-pick batch: security FS write hardening#1588
alexey-pelykh merged 15 commits intomainfrom
staging/cherry-pick-732

Conversation

@alexey-pelykh
Copy link
Copy Markdown

@alexey-pelykh alexey-pelykh commented Mar 17, 2026

Cherry-pick batch from upstream

Issue: #732
Commits: 14 evaluated, 11 cherry-picked, 3 skipped

Hash Subject Result
17ede52a4 fix(security): harden sandbox media staging destination writes SKIPPED (gutted sandbox)
0dbb92dd2 fix(security): harden tar archive extraction parity PICKED (prior batch)
18f8393b6 fix: harden sandbox writes and centralize atomic file writes PICKED (prior batch)
14c93d264 docs(changelog): add skills archive extraction hardening note SKIPPED (CHANGELOG deleted)
4a8031162 refactor(security): split sandbox media staging and stream safe copies PICKED (prior batch)
07b16d5ad fix(security): harden workspace bootstrap boundary reads PICKED (prior batch)
104d32bb6 fix(security): unify root-bound write hardening RESOLVED (gutted sandbox/skills-install dropped, live infra/browser/plugins kept)
d3e8b17aa fix: harden webhook auth-before-body handling PICKED (prior batch)
d4bf07d07 refactor(security): unify hardened install and fs write flows PICKED (prior batch)
7dac9b05d fix(security): harden zip write race handling PICKED (prior batch)
83c8406f0 refactor(security): split gateway auth suites and share safe write path checks PICKED (prior batch)
718d418b3 fix(daemon): harden launchd plist with umask 077 (openclaw#31919) PICKED (prior batch)
a8fe8b6bf test(guardrails): exclude suite files and harden auth temp identity naming PICKED (prior batch)
ee68fa86b fix: harden plugin command registration + telegram menu guard (openclaw#31997) PICKED (prior batch)

🤖 Generated with Claude Code

steipete and others added 15 commits March 17, 2026 17:16
@steipete @alexey-pelykh
fix(security): harden tar archive extraction parity
a02082b 
(cherry picked from commit 0dbb92d)
@steipete @alexey-pelykh
fix: harden sandbox writes and centralize atomic file writes
2c98bfb 
(cherry picked from commit 18f8393)
@steipete @alexey-pelykh
refactor(security): split sandbox media staging and stream safe copies
93ab879 
(cherry picked from commit 4a80311)
@steipete @alexey-pelykh
fix(security): harden workspace bootstrap boundary reads
93d4bf0 
(cherry picked from commit 07b16d5)
@steipete @alexey-pelykh
fix: harden webhook auth-before-body handling
fbd50c2 
(cherry picked from commit d3e8b17)
@steipete @alexey-pelykh
refactor(security): unify hardened install and fs write flows
06cc04a 
(cherry picked from commit d4bf07d)
@steipete @alexey-pelykh
fix(security): harden zip write race handling
e3ce918 
(cherry picked from commit 7dac9b0)
@steipete @alexey-pelykh
refactor(security): split gateway auth suites and share safe write pa…
0b1ae0b 
…th checks

(cherry picked from commit 83c8406)
@liuxiaopai-ai @steipete @alexey-pelykh
fix(daemon): harden launchd plist with umask 077 (openclaw#31919)
527d8a4 
* fix(daemon): add launchd umask hardening

* fix: finalize launchd umask changelog + thanks (openclaw#31919) (thanks @liuxiaopai-ai)

---------

Co-authored-by: Peter Steinberger <[email protected]>
(cherry picked from commit 718d418)
@steipete @alexey-pelykh
test(guardrails): exclude suite files and harden auth temp identity n…
e40eb68 
…aming

(cherry picked from commit a8fe8b6)
@steipete @alexey-pelykh
fix: harden plugin command registration + telegram menu guard (opencl…
9c25645 
…aw#31997) (thanks @liuxiaopai-ai)

(cherry picked from commit ee68fa8)
@alexey-pelykh
fix: rebrand openclaw refs from cherry-picks
fd18329
@alexey-pelykh @claude
fix: adapt cherry-picks for fork TS strictness
09951ea 
- bluebubbles/monitor.test.ts: OpenClawConfig → RemoteClawConfig (rebrand miss)
- bluebubbles/monitor.ts, googlechat/monitor.ts: registerWebhookTargetWithPluginRoute →
  registerWebhookTarget (upstream refactored function not in fork plugin-sdk)
- sandbox/workspace.test.ts: remove orphaned test for gutted sandbox workspace module
- skills-install-extract.ts: fix hasBinary import from deleted skills.js → shared/config-eval.js
- fs-safe.ts: add missing pipeline import, OPEN_WRITE_*_FLAGS constants,
  assertNoPathAliasEscape stub, and openVerifiedLocalFile options parameter
- fs-safe.test.ts: add missing writeFileWithinRoot/copyFileWithinRoot/writeFileFromPathWithinRoot
  imports from fs-safe.js
- install-safe-path.ts: add assertCanonicalPathWithinBase (upstream definition from unmerged PR)
- install-package-dir.ts: add missing assertCanonicalPathWithinBase import

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
@alexey-pelykh
fix: wire hardlink rejection in openFileWithinRoot
e641967
@steipete @alexey-pelykh
fix(security): unify root-bound write hardening
19b7088 
(cherry picked from commit 104d32b)
@alexey-pelykh alexey-pelykh merged commit ceb224b into main Mar 17, 2026
6 of 7 checks passed
@alexey-pelykh alexey-pelykh deleted the staging/cherry-pick-732 branch March 17, 2026 17:34
@alexey-pelykh alexey-pelykh mentioned this pull request Mar 17, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@alexey-pelykh @steipete @liuxiaopai-ai