Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cp 1.15 #82384

Merged
merged 1 commit into from Sep 9, 2019
Merged

Cp 1.15 #82384

merged 1 commit into from Sep 9, 2019

Conversation

@tallclair
Copy link
Member

tallclair commented Sep 5, 2019

What type of PR is this?
/kind bug

What this PR does / why we need it:

Fix the kubectl cp untarr symlink logic. Unpacking the symlinks after all the regular files have been unpacked guarantees that a file can't be written through a symlink. Furthermore, we still call mkDirAll for the symlink names, so symlink chaining is prevented as well.

This greatly simplifies the symlink resolution logic, and is robust to corner cases we have missed in the past.

Special notes for your reviewer:

Please review carefully. This is changing a bunch of logic that we've had a lot of issues with in the past.

Does this PR introduce a user-facing change?:

kubectl cp now safely allows unpacking of symlinks that may point outside the destination directory

/sig cli
/milestone v1.15
/assign @soltysh

@tallclair

This comment has been minimized.

Copy link
Member Author

tallclair commented Sep 5, 2019

/assign @M00nF1sh

@soltysh
soltysh approved these changes Sep 5, 2019
Copy link
Contributor

soltysh left a comment

One nit.
/lgtm
/approve

pkg/kubectl/cmd/cp/cp.go Outdated Show resolved Hide resolved
@k8s-ci-robot k8s-ci-robot added the lgtm label Sep 5, 2019
@k8s-ci-robot

This comment has been minimized.

Copy link
Contributor

k8s-ci-robot commented Sep 5, 2019

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: soltysh, tallclair

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tallclair

This comment has been minimized.

Copy link
Member Author

tallclair commented Sep 5, 2019

Fixed the gofmt/vet issues

@soltysh
soltysh approved these changes Sep 5, 2019
Copy link
Contributor

soltysh left a comment

/lgtm
/priority important-longterm

@M00nF1sh

This comment has been minimized.

Copy link
Contributor

M00nF1sh commented Sep 6, 2019

/lgtm
wondering whether it's fine to allow create symbol-links points to outside of working directory..
e.g. if some one use kubectl cp twice to same working directory, which first one create symbol link to outside of working directory and second one try to write the file, is this considered a security issue?

@tallclair

This comment has been minimized.

Copy link
Member Author

tallclair commented Sep 6, 2019

if some one use kubectl cp twice to same working directory, which first one create symbol link to outside of working directory and second one try to write the file, is this considered a security issue?

Valid question, but IMO we shouldn't worry about this case.

@tallclair tallclair force-pushed the tallclair:cp-1.15 branch from f60a08a to 302d236 Sep 6, 2019
@k8s-ci-robot

This comment has been minimized.

Copy link
Contributor

k8s-ci-robot commented Sep 6, 2019

New changes are detected. LGTM label has been removed.

@tallclair

This comment has been minimized.

Copy link
Member Author

tallclair commented Sep 6, 2019

Fixed comment typo. Reapplying lgtm.

@k8s-ci-robot k8s-ci-robot removed the lgtm label Sep 6, 2019
@tallclair tallclair added the lgtm label Sep 6, 2019
@tallclair

This comment has been minimized.

Copy link
Member Author

tallclair commented Sep 6, 2019

If we want to minimize the changes, I can also add the symlink restrictions back in, but still create the symlinks at the end.

@tallclair

This comment has been minimized.

Copy link
Member Author

tallclair commented Sep 9, 2019

/assign @Bubblemelon
For cherry-pick approval

@tallclair

This comment has been minimized.

Copy link
Member Author

tallclair commented Sep 9, 2019

/retest

1 similar comment
@seans3

This comment has been minimized.

Copy link
Contributor

seans3 commented Sep 9, 2019

/retest

@k8s-ci-robot k8s-ci-robot merged commit f719090 into kubernetes:release-1.15 Sep 9, 2019
25 checks passed
25 checks passed
cla/linuxfoundation tallclair authorized
Details
pull-kubernetes-bazel-build Job succeeded.
Details
pull-kubernetes-bazel-test Job succeeded.
Details
pull-kubernetes-conformance-image-test Skipped.
pull-kubernetes-conformance-kind-ipv6 Skipped.
pull-kubernetes-cross Skipped.
pull-kubernetes-dependencies Job succeeded.
Details
pull-kubernetes-e2e-gce Job succeeded.
Details
pull-kubernetes-e2e-gce-100-performance Skipped.
pull-kubernetes-e2e-gce-alpha-features Skipped.
pull-kubernetes-e2e-gce-csi-serial Skipped.
pull-kubernetes-e2e-gce-device-plugin-gpu Job succeeded.
Details
pull-kubernetes-e2e-gce-iscsi Skipped.
pull-kubernetes-e2e-gce-iscsi-serial Skipped.
pull-kubernetes-e2e-gce-storage-slow Skipped.
pull-kubernetes-godeps Skipped.
pull-kubernetes-integration Job succeeded.
Details
pull-kubernetes-kubemark-e2e-gce-big Job succeeded.
Details
pull-kubernetes-local-e2e Skipped.
pull-kubernetes-node-e2e Job succeeded.
Details
pull-kubernetes-node-e2e-containerd Skipped.
pull-kubernetes-typecheck Job succeeded.
Details
pull-kubernetes-verify Job succeeded.
Details
pull-publishing-bot-validate Skipped.
tide In merge pool.
Details
k8s-ci-robot added a commit that referenced this pull request Sep 11, 2019
…384-upstream-release-1.13

Automated cherry pick of #82384: Reorder symlinks to prevent path escapes
k8s-ci-robot added a commit that referenced this pull request Sep 11, 2019
…384-upstream-release-1.14

Automated cherry pick of #82384: Reorder symlinks to prevent path escapes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.