mirror of https://github.com/aljazceru/kata-containers.git synced 2026-01-26 01:34:23 +01:00

Files

Liu Jiang b63774ec61 libs/safe-path: add crate to safely resolve fs paths

There are always path(symlink) based attacks, so the `safe-path` crate
tries to provde some mechanisms to harden path resolution related code.

Fixes: #3451

Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>

2022-04-21 10:01:21 +08:00

824 B

Raw Blame History

Safe Path

A library to safely handle filesystem paths, typically for container runtimes.

There are often path related attacks, such as symlink based attacks, TOCTTOU attacks. The safe-path crate provides several functions and utility structures to protect against path resolution related attacks.

Support

Operating Systems:

Linux

Reference

filepath-securejoin: secure_join() written in Go.
CVE-2021-30465: symlink related TOCTOU flaw in runC.

License

This code is licensed under Apache-2.0.

824 B Raw Blame History

Safe Path

Support

Reference

License

824 B

Raw Blame History