Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WASI: file system rights doesn't work #3125

Closed
Mo-Fatah opened this issue Aug 22, 2022 · 3 comments · Fixed by #3240
Closed

WASI: file system rights doesn't work #3125

Mo-Fatah opened this issue Aug 22, 2022 · 3 comments · Fixed by #3240
Assignees
@fschutt
Labels
bug Something isn't working priority-medium Medium priority issue
Milestone
v3.0

Comments

@Mo-Fatah
Copy link

Mo-Fatah commented Aug 22, 2022
edited
Loading

Describe the bug

I am able to call many WASI APIs on a file descriptor that doesn't have the right to, and it works without any errors. I wrote an example here where I was able to call fd_write, fd_seek and fd_read on a file descriptor that doesn't have any base rights and no errors appeared and I was able to read and write to this file.

I am using

wasmer 2.3.0 | rustc 1.61.0 (fe5b13d68 2022-05-18) | x86_64

Steps to reproduce

  • You can run the example I mentioned above, or you can try to use (for example ) fd_read on a file descriptor that doesn't have fd_read rights and it will work without errors.

Expected behavior

  • The result should be an error, NOT_CAPABLE error I assume.

Actual behavior

  • The read and write operations is performed without any problems.

Additional context

According to the latest WASI standard, this is supposed to be a security issue. I don't know if the wasmer team is handling capabilities differently, or this is indeed a bug.
@Mo-Fatah Mo-Fatah added the bug Something isn't working label Aug 22, 2022
@syrusakbary
Copy link
Member

This seems a bug in our side, we need to investigate further. Thanks for opening the issue @Mo-Fatah

@syrusakbary syrusakbary added the priority-medium Medium priority issue label Sep 6, 2022
@syrusakbary syrusakbary added this to the v3.0 milestone Sep 6, 2022
This was referenced Sep 27, 2022
Closed
Closed
@syrusakbary
Copy link
Member

We tried to fix it, but CI is failing. Which indicates that there might be another bug in the Wasmer-WASI implementation, that we need to further investigate (we'll post our findings as we learn them on this issue)

@syrusakbary
Copy link
Member

syrusakbary commented Oct 5, 2022
edited
Loading

We tried to fix it, but CI is failing. Which indicates that there might be another bug in the Wasmer-WASI implementation, that we need to further investigate (we'll post our findings as we learn them on this issue). We want to wait on #3145 also as it's refactoring the WASI tests

@fschutt fschutt linked a pull request Oct 7, 2022 that will close this issue
Add failing test for debugging file descriptor and return 0 on BrokenPipe instead of Error #3201
Closed
@swwind swwind mentioned this issue Oct 19, 2022
Closed
@fschutt fschutt mentioned this issue Oct 19, 2022
Merged
@bors bors bot closed this as completed in 8357176 Oct 25, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fschutt fschutt

Labels
bug Something isn't working priority-medium Medium priority issue
Projects
None yet
Milestone
v3.0
3 participants
@syrusakbary @fschutt @Mo-Fatah