From 4547db86a0bf60bda9406cfd7c0772c199d75685 Mon Sep 17 00:00:00 2001
From: Paul Banks
Date: Fri, 14 Jun 2019 16:21:05 +0100
Subject: [PATCH] Allow /dev/fd/ paths for config files. Fixes #7258
Signed-off-by: Paul Banks
---
 source/common/filesystem/posix/filesystem_impl.cc | 11 +++++++++++
 test/common/filesystem/filesystem_impl_test.cc | 2 ++
 tools/spelling_dictionary.txt | 3 +++
 3 files changed, 16 insertions(+)
diff --git a/source/common/filesystem/posix/filesystem_impl.cc b/source/common/filesystem/posix/filesystem_impl.cc
index 214d97aed3240..5d1b3b03eb8da 100644
--- a/source/common/filesystem/posix/filesystem_impl.cc
+++ b/source/common/filesystem/posix/filesystem_impl.cc
@@ -87,6 +87,17 @@ std::string InstanceImplPosix::fileReadToEnd(const std::string& path) {
 }
 
 bool InstanceImplPosix::illegalPath(const std::string& path) {
+ // Special case, allow /dev/fd/* access here so that config can be passed in a
+ // file descriptor from an execing bootstrap script. The reason we do this
+ // _before_ canonicalizing the path is that different unix flavors implement
+ // /dev/fd/* differently, for example on linux they are symlinks to /dev/pts/*
+ // which are symlinks to /proc/self/fds/. On BSD (and darwin) they are not
+ // symlinks at all. To avoid lots of platform, specifics, we whitelist
+ // /dev/fd/* _before_ resolving the canonical path.
+ if (absl::StartsWith(path, "/dev/fd/")) {
+ return false;
+ }
+
 const Api::SysCallStringResult canonical_path = canonicalPath(path);
 if (canonical_path.rc_.empty()) {
 ENVOY_LOG_MISC(debug, "Unable to determine canonical path for {}: {}", path,
diff --git a/test/common/filesystem/filesystem_impl_test.cc b/test/common/filesystem/filesystem_impl_test.cc
index 47a657d220a80..f5576e822b651 100644
--- a/test/common/filesystem/filesystem_impl_test.cc
+++ b/test/common/filesystem/filesystem_impl_test.cc
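Review bot: The early return added at the top of `illegalPath` accepts every string that merely starts with `/dev/fd/`, and since it runs before `canonicalPath()` a value with `..` components or any other non-numeric tail after that prefix is reported as legal without being resolved. The test expectations suggest the rest of the function (which continues outside this hunk) is meant to reject `/dev`, `/proc` and `/sys`, so the exception is wider than the comment's stated purpose of passing config through a file descriptor. Limit it to a descriptor number, for example `const absl::string_view fd = absl::string_view(path).substr(8);` followed by `if (!fd.empty() && std::all_of(fd.begin(), fd.end(), absl::ascii_isdigit)) { return false; }`, and let everything else fall through to canonicalization. The test hunk in `filesystem_impl_test.cc` asserts only the accepting case `/dev/fd/0`; it should also assert that a `/dev/fd/`-prefixed path with a non-digit tail is still illegal.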
@@ -131,6 +131,8 @@ TEST_F(FileSystemImplTest, IllegalPath) {
 #else
 EXPECT_TRUE(file_system_.illegalPath("/dev"));
 EXPECT_TRUE(file_system_.illegalPath("/dev/"));
+ // Exception to allow opening from file descriptors. See #7258.
+ EXPECT_FALSE(file_system_.illegalPath("/dev/fd/0"));
 EXPECT_TRUE(file_system_.illegalPath("/proc"));
 EXPECT_TRUE(file_system_.illegalPath("/proc/"));
 EXPECT_TRUE(file_system_.illegalPath("/sys"));
diff --git a/tools/spelling_dictionary.txt b/tools/spelling_dictionary.txt
index ced4cb24a3d71..f8127d5bac16e 100644
--- a/tools/spelling_dictionary.txt
+++ b/tools/spelling_dictionary.txt
@@ -385,6 +385,7 @@ cstring
 ctor
 ctrl
 customizations
+darwin
 dbg
 de
 dechunking
@@ -631,6 +632,7 @@ pthreads
 pton
 ptr
 ptrs
+pts
 pwd
 py
 qps
@@ -718,6 +720,7 @@ structs
 subexpr
 subdirs
 symlink
+symlinks
 symlinked
 sync
 sys