There is a bug in Generic Worker which occurs when a task payload specifies an absolute path to an artifact, or an absolute path to a file or directory inside a mount. Instead of respecting the provided path, Generic Worker effectively strips any leading slash and then evaluates the path as a relative path from the task directory. This is due to it internally using Go's filepath.Join function, which has this behaviour:
filepath.Join(<taskdirectory>, <providedpath>)
Instead, Generic Worker should first check if the provided path is absolute, and only join it to the task directory if it is not.
Note absolute paths are useful for e.g. mounting under /usr/local/bin or e.g. publishing artifacts from files inside /var/log, and since mounting/publishing artifacts is performed as the task user, there is no reason to forbid absolute file locations. The OS already limits where the (unprivileged) task user can read/write, and the task commands are also not subject to such restrictions.
Of course relative paths are still supported, and are expected for files inside the task directory (since the task author cannot predict what the task directory path will be), and paths are allowed to start with e.g. ../ if really desired, since they do not pose any additional security risk.
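The following is an added illustration, not code from Generic Worker itself: it places the buggy filepath.Join call beside the proposed fix (check filepath.IsAbs first, join only relative paths) and runs both over a constructed task directory and sample payload paths. It assumes POSIX path semantics, where a leading "/" marks an absolute path.

```go
package main

import (
	"fmt"
	"path/filepath"
)

// naiveResolve reproduces the behaviour described in the issue:
// filepath.Join treats every input as relative to the task directory,
// so the leading slash of an absolute path is silently dropped.
func naiveResolve(taskDir, provided string) string {
	return filepath.Join(taskDir, provided)
}

// resolveTaskPath is the proposed fix: an absolute path is respected as given
// (only cleaned), and a relative path is joined onto the task directory.
// Relative paths starting with ../ still resolve, as the issue intends.
func resolveTaskPath(taskDir, provided string) string {
	if filepath.IsAbs(provided) {
		return filepath.Clean(provided)
	}
	return filepath.Join(taskDir, provided)
}

func main() {
	// Constructed sample task directory; the real one is chosen by the worker.
	taskDir := "/home/task/task_1700000000"
	samples := []string{
		"/var/log/syslog",         // absolute artifact source: must be used as-is
		"/usr/local/bin/tool",     // absolute mount target: must be used as-is
		"public/build/target.zip", // relative: inside the task directory
		"../shared/cache.tar",     // relative with parent traversal, still allowed
	}
	for _, p := range samples {
		fmt.Printf("%-26s buggy=%-46s fixed=%s\n",
			p, naiveResolve(taskDir, p), resolveTaskPath(taskDir, p))
	}
}
```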