[v14] Careful handling when loading files #31958

Merged
jentfoo merged 16 commits into branch/v14 from bot/backport-31721-branch/v14
Sep 15, 2023

jentfoo commented Sep 15, 2023

Backport #31721 to branch/v14

jentfoo and others added 16 commits September 15, 2023 15:19
This commit attempts to provide a common API so that the decision of when to follow symlinks is a conscious decision.
Because Teleport (particularly the agent) runs in a privileged context, there is a risk that following symlinks may allow information disclosure.

After review of the cases covered in this commit (and some additional cases where this API was not a natural fit), this does not appear to be a broad problem. This commit however does fix the one known flaw described in the issue https://github.com/gravitational/teleport-private/issues/1009

Co-authored-by: Krzysztof Skrzętnicki <krzysztof.skrzetnicki@goteleport.com>

After PR discussion it was highlighted that macOS does not guard against hardlinks in the same way Linux does. For that reason this implementation has been updated with OS conditional logic to validate against hardlinks.

Make hardlink count lookup code build conditional to avoid undefined syscall.Stat_t.
jentfoo self-assigned this Sep 15, 2023
github-actions bot added the backport, machine-id, size/md and tctl labels Sep 15, 2023

jentfoo commented Sep 15, 2023

I thought these commits would be squashed; in the future I will clean up the history first.

jentfoo added this pull request to the merge queue Sep 15, 2023
Merged via the queue into branch/v14 with commit 9e166c0 Sep 15, 2023
jentfoo deleted the bot/backport-31721-branch/v14 branch September 15, 2023 16:00
3 participants