
The Quest to Secure chown and symlinks

59 points, by juanfatas, over 1 year ago

7 comments

pdimitar, over 1 year ago
This just cements my conviction that file systems not having transactional operations is a huge omission nowadays. It really is time to start having file systems that are not just huge mutable spaces, and be more like proper ACID databases.

I hope somebody is working on it because as things are going in the last years, I'd be retired before I have the time for it.
Hello71, over 1 year ago

    (cd "$path" && [ "$(pwd -P)" = "$path" ] && chown -R buildkite-agent:buildkite-agent .)

the real question though is why they're trusting just Docker alone to isolate customers; if they want the jobs to effectively be a single user to the system, they can even use unprivileged user namespaces?
kazinator, over 1 year ago
I have a small project in this approximate area:

https://www.kylheku.com/cgit/safepath/about/

safepath is a function which tries to analyze whether a path is safe to use. Roughly that means that it doesn't resolve in some way that can be controlled by another (non-root) user.

Something similar to this is in TXR Lisp under the name path-components-safe:

https://www.kylheku.com/cgit/txr/tree/stdlib/path-test.tl?hl=txr-291#n206
jrmg, over 1 year ago
Why do the files have bad permissions to start with?
angry_octet, over 1 year ago
There would traditionally have been another TOCTOU in the described solution, namely hardlinks. This can often be used to get root to do something to a file it shouldn't.

The trad solution is to have user-writeable areas (home, vartmp, tmp) on different volumes. Some tools have options to not traverse symlinks across volumes for this and other reasons. But on modern systems you are protected by the fs.protected_hardlinks setting.

https://wiki.alpinelinux.org/wiki/Sysctl.conf
blibble, over 1 year ago
why is it running as root anyway?

should probably setuid to the correct user and do the thing there instead
nunez, over 1 year ago
test -L checks if a file is a symlink; no need for realpath comparisons (which is slower)
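A guarded version of the chown sequence the thread discusses, combining Hello71's `pwd -P` comparison with nunez's `test -L` shortcut. This is an added example, not code from the thread or from the article it discusses; the function name `safe_chown_dir`, its exit codes, and the use of `chown -h` are my additions.

```shell
#!/bin/sh
# Added example, not code from the thread: a guarded recursive chown that
# combines Hello71's `pwd -P` comparison with nunez's `test -L` pre-check.
# Usage: safe_chown_dir OWNER[:GROUP] /absolute/path
# Exit status: 0 chown done, 1 leaf is a symlink, 2 a parent component is a
# symlink (physical path differs), 3 bad argument or chown failure.
safe_chown_dir() {
  owner=$1
  path=$2
  case $path in
    /*) ;;
    *) echo "safe_chown_dir: path must be absolute: $path" >&2; return 3 ;;
  esac
  # Cheap check first (nunez): refuse if the final component is a symlink.
  if [ -L "$path" ]; then
    echo "safe_chown_dir: refusing symlink: $path" >&2
    return 1
  fi
  if [ ! -d "$path" ]; then
    echo "safe_chown_dir: not a directory: $path" >&2
    return 3
  fi
  # Work inside a subshell so the cd does not leak. After cd, `pwd -P` is the
  # physical (symlink-resolved) directory; if it differs from what we asked
  # for, some parent component was a symlink and we stop before chown runs.
  (
    cd "$path" || exit 3
    if [ "$(pwd -P)" != "$path" ]; then
      echo "safe_chown_dir: $path resolves to $(pwd -P), refusing" >&2
      exit 2
    fi
    # chown acts on `.`, i.e. the directory the subshell already holds as its
    # cwd, so re-pointing a parent symlink afterwards cannot redirect it.
    # Descendants can still be swapped underneath the walk, and hardlinks
    # (angry_octet's point) are not covered by this check at all.
    # -h (POSIX): change symlinks found during the walk, not their targets.
    chown -R -h "$owner" . || exit 3
  )
}

# Stand-alone use: safe_chown_dir OWNER /path
if [ "$#" -eq 2 ]; then
  safe_chown_dir "$1" "$2"
fi
```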