Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: accept sysctl/sysfs paths with dots #7879

Merged
merged 1 commit into from
Oct 20, 2023
Merged

fix: accept sysctl/sysfs paths with dots #7879

merged 1 commit into from
Oct 20, 2023

Conversation

nberlee
Copy link
Contributor

@nberlee nberlee commented Oct 20, 2023

fixes: #7878

Pull Request

What? (description)

Why? (reasoning)

Acceptance

Please use the following checklist:

  • you linked an issue (if applicable)
  • you included tests (if applicable)
  • you ran conformance (make conformance)
  • you formatted your code (make fmt)
  • you linted your code (make lint)
  • you generated documentation (make docs)
  • you ran unit-tests (make unit-tests)

See make help for a description of the available targets.

smira
smira reviewed Oct 20, 2023
View reviewed changes
Copy link
Member

@smira smira left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks, for fixing it, it looks like the standard approach is to use first / to make it treat dots as literal dots:

opencontainers/runc#3256

I can fix it up

smira
smira approved these changes Oct 20, 2023
View reviewed changes
Copy link
Member

@smira smira left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed it up to comply with sysctl utility handling, but same idea

@smira smira added this to the v1.6 milestone Oct 20, 2023
@smira
Copy link
Member

smira commented Oct 20, 2023

/ok-to-test

@nberlee
Copy link
Contributor Author

nberlee commented Oct 20, 2023

fixed it up to comply with sysctl utility handling, but same idea

Yes, thank you! This is safer because it mitigates path-traversal. Something only thought of later.

@smira
Copy link
Member

smira commented Oct 20, 2023

Yes, thank you! This is safer because it mitigates path-traversal. Something only thought of later.

actually path traversal was (and still is) a problem... not a security issue per se, as it's part of the machine config, but nice to avoid

@smira
Copy link
Member

smira commented Oct 20, 2023

Yes, thank you! This is safer because it mitigates path-traversal. Something only thought of later.

actually path traversal was (and still is) a problem... not a security issue per se, as it's part of the machine config, but nice to avoid

I added path.Clean() to prevent "stupid" path traversal at least.

@nberlee @smira
fix: accept sysctl paths with dots
a009f5c 
Fixes #7878

Signed-off-by: Nico Berlee <[email protected]>
Signed-off-by: Andrey Smirnov <[email protected]>
@smira
Copy link
Member

smira commented Oct 20, 2023

/m

@talos-bot talos-bot merged commit a009f5c into siderolabs:main Oct 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smira smira smira approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.6
Development

Successfully merging this pull request may close these issues.

unable set sysctl with a dot in the path (vlan interface)
3 participants
@nberlee @smira @talos-bot