Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cp 1.15 #82384

Merged
merged 1 commit into from
Sep 9, 2019
Merged

Cp 1.15 #82384

merged 1 commit into from
Sep 9, 2019
+114 −77

Conversation

tallclair
Copy link
Member

What type of PR is this?
/kind bug

What this PR does / why we need it:

Fix the kubectl cp untarr symlink logic. Unpacking the symlinks after all the regular files have been unpacked guarantees that a file can't be written through a symlink. Furthermore, we still call mkDirAll for the symlink names, so symlink chaining is prevented as well.

This greatly simplifies the symlink resolution logic, and is robust to corner cases we have missed in the past.

Special notes for your reviewer:

Please review carefully. This is changing a bunch of logic that we've had a lot of issues with in the past.

Does this PR introduce a user-facing change?:

kubectl cp now safely allows unpacking of symlinks that may point outside the destination directory

/sig cli
/milestone v1.15
/assign @soltysh

@k8s-ci-robot k8s-ci-robot added this to the v1.15 milestone Sep 5, 2019
@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. kind/bug Categorizes issue or PR as related to a bug. sig/cli Categorizes an issue or PR as relevant to SIG CLI. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Sep 5, 2019
@tallclair
Copy link
Member Author

/assign @M00nF1sh

soltysh
soltysh approved these changes Sep 5, 2019
View reviewed changes
Copy link
Contributor

@soltysh soltysh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One nit.
/lgtm
/approve

pkg/kubectl/cmd/cp/cp.go Outdated Show resolved Hide resolved
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 5, 2019
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: soltysh, tallclair

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 5, 2019
This was referenced Sep 5, 2019
Closed
Closed
Closed
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 5, 2019
@tallclair
Copy link
Member Author

Fixed the gofmt/vet issues

soltysh
soltysh approved these changes Sep 5, 2019
View reviewed changes
Copy link
Contributor

@soltysh soltysh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/priority important-longterm

@k8s-ci-robot k8s-ci-robot added priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. lgtm "Looks good to me", indicates that a PR is ready to be merged. and removed needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Sep 5, 2019
@M00nF1sh
Copy link
Contributor

M00nF1sh commented Sep 6, 2019

/lgtm
wondering whether it's fine to allow create symbol-links points to outside of working directory..
e.g. if some one use kubectl cp twice to same working directory, which first one create symbol link to outside of working directory and second one try to write the file, is this considered a security issue?

@tallclair
Copy link
Member Author

if some one use kubectl cp twice to same working directory, which first one create symbol link to outside of working directory and second one try to write the file, is this considered a security issue?

Valid question, but IMO we shouldn't worry about this case.

@k8s-ci-robot
Copy link
Contributor

New changes are detected. LGTM label has been removed.

@tallclair
Copy link
Member Author

Fixed comment typo. Reapplying lgtm.

@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 6, 2019
@tallclair tallclair added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 6, 2019
@tallclair
Copy link
Member Author

If we want to minimize the changes, I can also add the symlink restrictions back in, but still create the symlinks at the end.

@tallclair
Copy link
Member Author

/assign @Bubblemelon
For cherry-pick approval

@tpepper tpepper added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Sep 9, 2019
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. label Sep 9, 2019
This was referenced Sep 9, 2019
Merged
Merged
@tallclair
Copy link
Member Author

/retest

1 similar comment
@seans3
Copy link
Contributor

seans3 commented Sep 9, 2019

/retest

@k8s-ci-robot k8s-ci-robot merged commit f719090 into kubernetes:release-1.15 Sep 9, 2019
k8s-ci-robot added a commit that referenced this pull request Sep 11, 2019
@k8s-ci-robot
Merge pull request #82503 from tallclair/automated-cherry-pick-of-#82…
dc0c670 
…384-upstream-release-1.13

Automated cherry pick of #82384: Reorder symlinks to prevent path escapes
k8s-ci-robot added a commit that referenced this pull request Sep 11, 2019
@k8s-ci-robot
Merge pull request #82502 from tallclair/automated-cherry-pick-of-#82…
541da77 
…384-upstream-release-1.14

Automated cherry pick of #82384: Reorder symlinks to prevent path escapes
@sallyom sallyom mentioned this pull request Sep 20, 2019
Merged
@liggitt liggitt mentioned this pull request Feb 3, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@soltysh soltysh soltysh approved these changes

@eparis eparis Awaiting requested review from eparis

@juanvallejo juanvallejo Awaiting requested review from juanvallejo

Assignees

@soltysh soltysh

@Bubblemelon Bubblemelon

@M00nF1sh M00nF1sh

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/kubectl cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/cli Categorizes an issue or PR as relevant to SIG CLI. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
v1.15
Development

Successfully merging this pull request may close these issues.
7 participants
@tallclair @k8s-ci-robot @M00nF1sh @seans3 @soltysh @tpepper @Bubblemelon