Disallow absolute path at the raw WASI level#270
Conversation
This commit fixes a `path_open` behavior that allows opening absolute paths. Although the path normalization correctly resolves the path and enforces the sandbox, it's still a good idea to converge with other runtimes here. fixes nodejs#269 Signed-off-by: Yage Hu <me@huyage.dev>
| pass("/bar", "/baz", "bar/test_path", "/baz/bar/test_path"); | ||
| pass("/bar", "/baz", "bar/../bar/test_path", "/baz/bar/test_path"); |
There was a problem hiding this comment.
These two test cases were spec'd wrong to begin with.
guybedford
left a comment
There was a problem hiding this comment.
I did a quick verification against the Wasmtime test suite and can confirm that this is the correct behaviour for Wasmtime.
Notable changes: - Disallow malformed path with null byte (#266) (7aaa0b4) - Preserve trailing slash in file path (#268) (afffaaa) - Disallow absolute path at the raw WASI level (#270) (9811374) - Error if creating symlink to absolute path (#272) (c8d4f01) - Add cflite and document normalize path (#280) (6eeddba) - Resolve old_path in uvwasi_path_symlink() (#303) (98da5ad) - Use index rather than `telldir`/`seekdir` to represent `fd_readdir` cookie (#298) (392e1f1) - fix: static library name (#305) (146e516) - fix: do not put header files in a subfolders (#302) (ec28b58) - fix: explicitly export symbols (#308) (4e9b4e0)
|
Just to clarify: this change disallowed absolute paths in all functions, and that was an expected outcome (even though the summary says that the original target was |
Yes. The original problem was detected with
|
This commit fixes a
path_openbehavior that allows opening absolute paths. Although the path normalization correctly resolves the path and enforces the sandbox, it's still a good idea to converge with other runtimes here.fixes #269