Skip to content

feat: add config option to allow symlinks#1372

Merged
ozgb merged 5 commits into
mainfrom
ozgb-safe-read-allow-symlinks
Apr 21, 2026
Merged

feat: add config option to allow symlinks#1372
ozgb merged 5 commits into
mainfrom
ozgb-safe-read-allow-symlinks

Conversation

@ozgb

@ozgb ozgb commented Apr 21, 2026

Copy link
Copy Markdown
Contributor

Overview

The new unsafe_allow_symlinks config option permits the use of symlinks when loading configuration files on node boot. Disabled by default to prevent symlink attacks.

🗹 TODO before merging

  • Ready

📌 Submission Checklist

  • Changes are backward-compatible (or flagged if breaking)
  • Pull request description explains why the change is needed
  • Self-reviewed the diff
  • I have included a change file, or skipped for this reason:
  • If the changes introduce a new feature, I have bumped the node minor version
  • Update documentation (if relevant)
  • Updated AGENTS.md if build commands, architecture, or workflows changed
  • No new todos introduced

🧪 Testing Evidence

Please describe any additional testing aside from CI:

  • Additional tests are provided (if possible): Added new unit tests

🔱 Fork Strategy

  • Node Runtime Update
  • Node Client Update
  • Other:
  • N/A

Links

ozgb added 2 commits April 21, 2026 09:49
@ozgb
feat: add UNSAFE_ALLOW_SYMLINKS option for safe-read function
10de8ec 
Signed-off-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com>
@ozgb
docs: add change file
c3a10d1 
Signed-off-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com>
@ozgb ozgb requested a review from a team as a code owner April 21, 2026 08:54
@ozgb
chore: add pr link to change file
78b8dff 
Signed-off-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com>
@ozgb
chore: ignore clippy warn
9b93e56 
Signed-off-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com>
cosmir17
cosmir17 approved these changes Apr 21, 2026
View reviewed changes

@cosmir17 cosmir17 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀

Comment thread node/src/cfg/validated_file.rs
gilescope
gilescope approved these changes Apr 21, 2026
View reviewed changes

@gilescope gilescope left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, but I think if someone can set your config file contents then you've already lost.

@ozgb
test: add another symlink test
13731a4 
Signed-off-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com>
@ozgb ozgb enabled auto-merge April 21, 2026 13:27
@ozgb ozgb added this pull request to the merge queue Apr 21, 2026
Merged via the queue into main with commit bf1a3c9 Apr 21, 2026
33 checks passed
@ozgb ozgb deleted the ozgb-safe-read-allow-symlinks branch April 21, 2026 14:39
@ozgb ozgb mentioned this pull request Apr 21, 2026
Merged
14 tasks
gilescope added a commit that referenced this pull request Apr 21, 2026
@gilescope
Merge pull request #1378 from midnightntwrk/ozgb-allow-symlinks-option
9d60fe3 
feat: add config option to allow symlinks (#1372)
m2ux added a commit that referenced this pull request Apr 23, 2026
@m2ux
feat: add config option to allow symlinks (#1372)
0340483 
* feat: add UNSAFE_ALLOW_SYMLINKS option for safe-read function

Signed-off-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com>

* docs: add change file

Signed-off-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com>

* chore: add pr link to change file

Signed-off-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com>

* chore: ignore clippy warn

Signed-off-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com>

* test: add another symlink test

Signed-off-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com>

---------

Signed-off-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com>
Signed-off-by: Mike Clay <mike.clay@shielded.io>
m2ux added a commit that referenced this pull request Apr 23, 2026
@m2ux
feat: add config option to allow symlinks (#1372)
5ce9e25 
* feat: add UNSAFE_ALLOW_SYMLINKS option for safe-read function

Signed-off-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com>

* docs: add change file

Signed-off-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com>

* chore: add pr link to change file

Signed-off-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com>

* chore: ignore clippy warn

Signed-off-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com>

* test: add another symlink test

Signed-off-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com>

---------

Signed-off-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com>
Signed-off-by: Mike Clay <mike.clay@shielded.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gilescope gilescope gilescope approved these changes

@cosmir17 cosmir17 cosmir17 approved these changes

Assignees

No one assigned

Labels

skip-changes-check-issue skip-changes-check-jira

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ozgb @gilescope @cosmir17