-
Notifications
You must be signed in to change notification settings - Fork 40k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Detect backsteps correctly in base path detection #61080
Conversation
@kubernetes/sig-storage-pr-reviews @kubernetes/sig-storage-bugs |
cc @tallclair |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@@ -325,7 +325,7 @@ func pathWithinBase(fullPath, basePath string) bool { | |||
if err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This function is also implemented in Kubelet, although I'm not sure it's used anywhere? https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/util/util.go#L51
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't see any uses of that method on master, v1.9.4, v1.8.9, or v1.7.9
$ ag 'pathWithinBase'
pkg/util/mount/mount_windows_test.go
544: result := pathWithinBase(test.fullPath, test.basePath)
545: assert.Equal(t, result, test.expectedResult, "Expect result not equal with pathWithinBase(%s, %s) return: %q, expected: %q",
pkg/util/mount/mount_linux_test.go
407: if pathWithinBase(test.fullPath, test.basePath) != test.expected {
pkg/util/mount/mount_linux.go
732: if !pathWithinBase(evalSubPath, subpath.VolumePath) {
912: if !pathWithinBase(endDir, baseDir) {
949: if !pathWithinBase(pathname, base) {
976: if !pathWithinBase(fullExistingPath, base) {
1121: if !pathWithinBase(currentPath, base) {
pkg/util/mount/mount_windows.go
329: if !pathWithinBase(currentFullPath, volumePath) {
473: if !pathWithinBase(pathname, base) {
508: if !pathWithinBase(fullExistingPath, fullBasePath) {
pkg/util/mount/mount.go
322:// pathWithinBase checks if give path is within given base directory.
323:func pathWithinBase(fullPath, basePath string) bool {
pkg/kubelet/util/util.go
51:func pathWithinBase(fullPath, basePath string) bool {
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
removed the unused function. similar faulty logic exists in pkg/util/mount/mount_windows.go
lockAndCheckSubPathWithoutSymlink and findExistingPrefix
pkg/util/mount/mount_windows.go
Outdated
@@ -291,7 +291,7 @@ func lockAndCheckSubPathWithoutSymlink(volumePath, subPath string) ([]uintptr, e | |||
if err != nil { | |||
return []uintptr{}, fmt.Errorf("Rel(%s, %s) error: %v", volumePath, subPath, err) | |||
} | |||
if strings.HasPrefix(relSubPath, "..") { | |||
if relSubPath == ".." || strings.HasPrefix(relSubPath, ".."+string(filepath.Separator)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@andyzhangx, can you verify this is correct? (does filepath.Rel always produce ..\
backstep paths on windows or would a subPath of ../...
get preserved and fail this check?
pkg/util/mount/mount_windows.go
Outdated
@@ -552,7 +552,7 @@ func findExistingPrefix(base, pathname string) (string, []string, error) { | |||
return base, nil, err | |||
} | |||
|
|||
if strings.HasPrefix(rel, "..") { | |||
if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@andyzhangx same here
Avoid false positives with atomic writer ..<timestamp> directories
Will this be released as 1.9.5 (for the 1.9 series)? Or is it better to downgrade for the time being? |
yes, this will be cherry-picked to 1.7.x, 1.8.x, and 1.9.x |
/lgtm |
fyi @kubernetes/sig-release-misc |
[MILESTONENOTIFIER] Milestone Pull Request: Up-to-date for process @andyzhangx @jsafrane @liggitt @tallclair Pull Request Labels
|
Context("Atomic writer volumes", func() { | ||
var err error | ||
|
||
BeforeEach(func() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit - Do we need an AfterEach to cleanup the secret and configmap? How about the pods? (where do they get cleaned up?)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need an AfterEach to cleanup the secret and configmap?
not really... these just hang around for the duration of the test (and if they already exist, the setup tolerates it)
where do they get cleaned up?
the entire namespace gets deleted at the end of each test, which cleans everything up
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks @liggitt !
/assign @tallclair For |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: andyzhangx, jsafrane, liggitt, tallclair The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Automatic merge from submit-queue (batch tested with PRs 60737, 60739, 61080, 60968, 60951). If you want to cherry-pick this change to another branch, please follow the instructions here. |
Avoids false positives with atomic writer
..<timestamp>
directoriesFixes #61076
/assign @msau42 @jsafrane