[core][state][log] Cherry pick changes to prevent state API from reading files outside the Ray log directory #41520

Merged

Commits on Nov 30, 2023

  1. [core][state][log] State API should not allow reading files outside of the ray log directory on all ray nodes. (ray-project#41467)
    
    State API log retrieval has a security bug where one could pass:
    
    - relative paths like "../../../xxx" to get a file outside of ray's log dir
    - an absolute path that refers to other files to get a file somewhere else.
    
    This PR fixes both issues such that one could only read logs under the ray logs directory.
    
    ---------
    
    Signed-off-by: rickyyx <rickyx@anyscale.com>
    Signed-off-by: Edward Oakes <ed.nmi.oakes@gmail.com>
    rickyyx authored and edoakes committed Nov 30, 2023
    Commit bf4584a
  2. [core][state][log] Enable following symlinks that point outside of the `root_log_dir` when resolving paths (ray-project#41502)
    
    Follow-up to: ray-project#41467. The change incidentally broke log retrieval on macOS because /tmp is a symlink to /private/tmp.
    
    This PR avoids resolving the symlink until after we do the subdir check. This solves the macOS problem and generically enables file paths that contain symlinks outside of the root_log_dir.
    
    ---------
    
    Signed-off-by: Edward Oakes <ed.nmi.oakes@gmail.com>
    edoakes committed Nov 30, 2023
    Commit 5525dee
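
The check the two commit messages describe, as an added example that is not code from this PR or from Ray: reject relative and absolute paths that leave the log directory, and resolve symlinks only after that subdirectory check. The names `resolve_log_path` and `classify` are hypothetical, and the sample requests are constructed.

```python
import os
import tempfile
from pathlib import Path


def resolve_log_path(root_log_dir: str, requested: str) -> Path:
    """Return the file to read for `requested`, or raise ValueError.

    Hypothetical helper, not Ray's function. The containment check is
    lexical: ".." is collapsed without touching the filesystem, so a
    symlinked root (macOS /tmp -> /private/tmp) does not fail it.
    """
    root = os.path.abspath(root_log_dir)  # absolute and normalized, symlinks kept
    # os.path.join drops `root` when `requested` is absolute, so an absolute
    # path is checked as itself instead of being silently re-rooted.
    candidate = os.path.normpath(os.path.join(root, requested))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"{requested!r} is outside the log directory")
    # Resolve symlinks only after the subdirectory check has passed.
    return Path(candidate).resolve()


def classify(root_log_dir: str, requests: list) -> dict:
    """Map each requested path to 'ok' or 'rejected'."""
    verdicts = {}
    for name in requests:
        try:
            resolve_log_path(root_log_dir, name)
            verdicts[name] = "ok"
        except ValueError:
            verdicts[name] = "rejected"
    return verdicts


if __name__ == "__main__":
    # Constructed sample requests against a throwaway log directory.
    log_dir = tempfile.mkdtemp(prefix="logs-")
    samples = ["raylet.out", "sub/../worker.err", "../../../xxx", "/etc/hostname"]
    for name, verdict in classify(log_dir, samples).items():
        print(f"{verdict:9} {name}")
```

Because resolution happens after the check, a symlink that sits inside the log directory is followed wherever it points, so write access to that directory needs to stay restricted.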