Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

question: sandbox for following symlinks #226

Open
shqld opened this issue Aug 22, 2023 · 2 comments
Open

question: sandbox for following symlinks #226

shqld opened this issue Aug 22, 2023 · 2 comments
Labels
question Further information is requested

Comments

@shqld
Copy link
Contributor

shqld commented Aug 22, 2023

It looks there is differences about handling symlinks between uvwasi and wasmtime.

Assuming #224 was merged and given the file path is /var/dir/file and sandbox root is /var/dir:

Link Target \ Runtime wasmtime uvwasi (memo)
/var/dir/file NG OK wasmtime prohibits absolute paths without exception
./file OK OK
../file NG NG not in the sandbox root
../dir/file NG OK wasmtime prohibits relative paths referencing a path that once deviates from the root of the sandbox

I'd like to know whether this is expected behavior for uvwasi.
@tniessen tniessen added the question Further information is requested label Aug 23, 2023
@mhdawson
Copy link
Member

To confirm so you are aware your earlier PR and related questions from others have kicked off discussion on the topic and related issues which may take us a bit of time to get through.

@shqld
Copy link
Contributor Author

shqld commented Aug 24, 2023

Understood, thank you so much.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tniessen @mhdawson @shqld