Strengthen hardcoded rm security rules and add path normalization#48640

Merged
rtfeldman merged 1 commit into main from pr/rm-security-rules-hardening on Feb 6, 2026
Conversation

@rtfeldman (Contributor) commented Feb 6, 2026

This PR hardens the terminal tool's hardcoded security rules for destructive commands like rm -rf /, and adds path normalization to prevent traversal-based bypasses.

Path normalization

Adds normalize_path which resolves .., ., and redundant path separators, and decide_permission_for_path which checks permissions against both raw and normalized paths (taking the most restrictive result). This prevents attacks like rm -rf /tmp/../../ which previously bypassed the rm -rf / rule.

rm command expansion

Adds expand_rm_to_single_path_commands which splits multi-argument rm commands into individual single-path commands for checking. This catches cases like rm -rf /tmp / where the dangerous path is the second argument.

Regex hardening

  • FLAGS: Now accepts digits, underscores, and uppercase in long flags (e.g. --no-preserve-root)
  • --flag=value: Correctly matched as a single flag token
  • Trailing flags: Handles GNU rm's acceptance of flags after path operands (e.g. rm / -rf)
  • -- marker: Detects end-of-options bypass attempts (e.g. rm -rf -- /)
  • Whitespace: Handles tabs and other whitespace, not just spaces

$HOME/${HOME} handling

Normalizes the suffix after $HOME/${HOME} variable references so that traversal attacks like rm -rf $HOME/./ or rm -rf ${HOME}/foo/.. are correctly detected.

Release Notes:

  • Strengthened terminal security rules to detect path traversal attacks in destructive commands like rm -rf.

- Add normalize_path function to resolve .., ., and redundant separators
- Add decide_permission_for_path wrapper that normalizes before checking
- Add expand_rm_to_single_path_commands to handle multi-path rm commands
- Normalize paths in rm commands before checking hardcoded security rules
- Normalize suffix after $HOME/${HOME} variable references
- Handle -- end-of-options marker in rm commands
- Handle trailing flags after path operand (GNU rm accepts this)
- Broaden FLAGS regex to accept digits, underscores, and uppercase
- Handle tabs/any whitespace after rm command name
- Preserve .. components that traverse above start path
- Preserve leading / for absolute paths in normalize_path
- Extensive test coverage for all edge cases
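As an added illustration (not Zed's code) of the normalization and "most restrictive of raw and normalized" check described above: the function names follow the PR, while the `Permission` enum and the single hardcoded rule are assumptions made for this example.

```rust
// Added example, not Zed's implementation: function names come from the PR;
// the Permission enum and the one hardcoded "rm -rf /" rule are assumptions.

/// Resolve `.`, `..` and repeated `/` lexically, without touching the filesystem.
/// `..` that climbs above the start of a relative path is kept (`a/../../b` -> `../b`),
/// and a leading `/` survives for absolute paths.
pub fn normalize_path(path: &str) -> String {
    let absolute = path.starts_with('/');
    let mut parts: Vec<&str> = Vec::new();
    for comp in path.split('/') {
        match comp {
            "" | "." => {} // redundant separator or current directory
            ".." => {
                if matches!(parts.last(), Some(&last) if last != "..") {
                    parts.pop();
                } else if !absolute {
                    parts.push(".."); // above the start of a relative path
                } // `/..` stays at `/` for absolute paths
            }
            other => parts.push(other),
        }
    }
    let joined = parts.join("/");
    match (absolute, joined.is_empty()) {
        (true, true) => "/".to_string(),
        (true, false) => format!("/{joined}"),
        (false, true) => ".".to_string(),
        (false, false) => joined,
    }
}

/// Ordered from least to most restrictive so `max` picks the stricter verdict.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum Permission { Allow, Confirm, Deny }

/// Hypothetical hardcoded rule applied to the literal path text.
fn decide_permission_raw(path: &str) -> Permission {
    if path == "/" { Permission::Deny }
    else if path.starts_with("/tmp/") { Permission::Allow }
    else { Permission::Confirm }
}

/// Judge both the raw and the normalized path and keep the more restrictive
/// result, so `rm -rf /tmp/../../` is treated like `rm -rf /`.
pub fn decide_permission_for_path(path: &str) -> Permission {
    decide_permission_raw(path).max(decide_permission_raw(&normalize_path(path)))
}
```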
cla-bot added the cla-signed label Feb 6, 2026
zed-community-bot added the staff label Feb 6, 2026
rtfeldman marked this pull request as ready for review February 6, 2026 22:17
rtfeldman merged commit 7fa4cfc into main Feb 6, 2026
36 checks passed
rtfeldman deleted the pr/rm-security-rules-hardening branch February 6, 2026 22:17
naaiyy added a commit to Glass-HQ/Glass that referenced this pull request Feb 16, 2026
Key changes:
- LSP folding ranges support (zed-industries#48611) - textDocument/foldingRange with custom fold text
- LSP refactoring (zed-industries#48604) - extracted document_colors, code_lens, folding_ranges into modules
- Crate graph restructuring (zed-industries#48602) - terminal moved closer to editor
- Side-by-side diff searching (zed-industries#48539) and OpenExcerpts for LHS (zed-industries#48438)
- SplittableEditor: sync custom blocks between RHS/LHS (zed-industries#48575)
- Thinking effort for Zed/OpenAI providers (zed-industries#48545, zed-industries#48605)
- Agent default_model.enable_thinking setting (zed-industries#48536)
- Configurable LSP timeout setting (zed-industries#44745)
- PaneSearchBarCallbacks global (search bar setup extracted from vim)
- Settings migrations for nested platform/channel/profile keys (zed-industries#48550)
- Shell parser: I/O redirects, here-documents, compound commands (zed-industries#48635)
- Hardened tool authorization: sensitive settings, deferred ops (zed-industries#48641)
- rm security bypass fixes (zed-industries#48640, zed-industries#48647)
- MCP tool name parsing fix: newline delimiter (zed-industries#48636)
- Canonicalize --user-data-dir path (zed-industries#48470)
- Fix text_threads_dir XDG spec compliance (zed-industries#45771)
- Buffer font for folds (zed-industries#48652)
- Multibuffer toolbar layout shift fix (zed-industries#48472)
- Editor: tabs bitmask syncing (zed-industries#48366)

Conflict resolution:
- collab tests: deleted (collab removed)
- util/archive.rs, util/shell.rs: deleted (extracted to Obsydian)
- copilot_ui/sign_in.rs: kept native_button style
- editor_tests.rs: merged imports (kept MoveItemToPaneInDirection, added ViewId/FollowEvent)
- lsp_store.rs: took upstream refactored imports, added FoldingRangeData, removed collab imports
- main.rs: added PaneSearchBarCallbacks, removed vim::init

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>