Don't allow backsteps in local volume plugin #47207

Closed
msau42 opened this issue Jun 8, 2017 · 7 comments · Fixed by #47236
Labels
kind/bug Categorizes issue or PR as related to a bug. sig/storage Categorizes an issue or PR as relevant to SIG Storage.

@msau42
Member

msau42 commented Jun 8, 2017

Kubernetes version (use kubectl version): 1.7

Similar to #47107, we need to check for backsteps in the path ("/foo/bar/../../../baz") for the local volume. It should be checked in the API validation, and also at mount time.
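The check requested above, sketched in Go as an added example (not part of the original issue and not the code merged in #47236). `validateNoBacksteps` and `mountLocalPath` are hypothetical names, and every sample path except the one quoted in the issue is constructed.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// validateNoBacksteps is a hypothetical helper, not the Kubernetes function.
// It rejects a path if any "/"-separated element is exactly "..".
// It must see the raw string: filepath.Clean resolves backsteps, so a
// check that runs after cleaning never sees them. Comparing whole elements
// (not a substring search) keeps names such as "a..b" or "..hidden" valid.
func validateNoBacksteps(path string) error {
	for _, elem := range strings.Split(path, "/") {
		if elem == ".." {
			return fmt.Errorf("path %q must not contain '..'", path)
		}
	}
	return nil
}

// mountLocalPath is a hypothetical mount-time entry point. It repeats the
// check as defense in depth, so the mount path does not depend on API
// validation having run, and only then normalizes the path.
func mountLocalPath(path string) (string, error) {
	if err := validateNoBacksteps(path); err != nil {
		return "", fmt.Errorf("refusing to mount: %w", err)
	}
	return filepath.Clean(path), nil
}

func main() {
	// Constructed sample paths; the first is the one quoted in the issue.
	samples := []string{
		"/foo/bar/../../../baz",
		"/mnt/disks/ssd0",
		"/mnt/disks/..hidden",
		"/mnt/disks/a..b",
		"../etc",
		"/mnt/disks/ssd0/..",
	}
	for _, p := range samples {
		target, err := mountLocalPath(p)
		fmt.Printf("%-26q cleaned=%-14q target=%q err=%v\n",
			p, filepath.Clean(p), target, err)
	}
}
```

The `cleaned=` column shows why the order matters: the path from the issue cleans to `/baz`, which contains no `..` left to detect.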

@k8s-github-robot

@msau42 There are no sig labels on this issue. Please add a sig label by:
(1) mentioning a sig: @kubernetes/sig-<team-name>-misc
(2) specifying the label manually: /sig <label>

Note: method (1) will trigger a notification to the team. You can find the team list here and label list here

@k8s-github-robot k8s-github-robot added the needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Jun 8, 2017
@msau42
Member Author

msau42 commented Jun 8, 2017

/sig storage

@k8s-ci-robot k8s-ci-robot added the sig/storage Categorizes an issue or PR as relevant to SIG Storage. label Jun 8, 2017
@k8s-github-robot k8s-github-robot removed the needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Jun 8, 2017
@msau42
Member Author

msau42 commented Jun 8, 2017

@ddysher, would you be able to look at this?

@msau42
Member Author

msau42 commented Jun 8, 2017

To clarify, I don't think this is critical to fix in 1.7 (for local volumes). Only the administrator can create local PVs, so the paths they export are under their control.

@ddysher
Contributor

ddysher commented Jun 8, 2017

sure, i'll take a look after external provisioner work.

@liggitt
Member

liggitt commented Jun 9, 2017

if you want to change API validation, you should do it before 1.7 releases, since the field is new. Changing validation on a released field is much harder

@dchen1107 dchen1107 added this to the v1.7 milestone Jun 21, 2017
@dchen1107 dchen1107 added the kind/bug Categorizes issue or PR as related to a bug. label Jun 21, 2017
@dchen1107
Member

Approved this for 1.7 release based on the conversation with @liggitt and the engineers from @kubernetes/sig-storage-misc

k8s-github-robot pushed a commit that referenced this issue Jun 21, 2017
…lume

Automatic merge from submit-queue (batch tested with PRs 34515, 47236, 46694, 47819, 47792)

not allow backsteps in local volume plugin

**Which issue this PR fixes** : fixes #47207

**Special notes for your reviewer**:
cc @msau42 @ddysher
Just follow @liggitt [commented](#47107 (comment)).

**Release note**:
```release-note
NONE
```