Skip to content

Commit d0ded9d

Browse files
committed
fix symlink handling in checkpoint restore
Under normal circumstances this is not a problem as the archive file created podman container checkpoint will no create symlinks. However if a user passes a custom archive they could contain symlinks that point outside our root. To resolve them within the root use securejoin. Note this is not a security problem because the full archive must be trusted by a user to begin with as it contain the full container config. Fixes: #27977 Signed-off-by: Paul Holzinger <pholzing@redhat.com> (cherry picked from commit abb5120) Signed-off-by: Paul Holzinger <pholzing@redhat.com>
1 parent de57e24 commit d0ded9d

1 file changed

Lines changed: 6 additions & 1 deletion

File tree

pkg/checkpoint/crutils/checkpoint_restore_utils.go

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,7 @@ import (
1111

1212
metadata "github.com/checkpoint-restore/checkpointctl/lib"
1313
"github.com/checkpoint-restore/go-criu/v7/stats"
14+
securejoin "github.com/cyphar/filepath-securejoin"
1415
"github.com/opencontainers/selinux/go-selinux/label"
1516
"go.podman.io/storage/pkg/archive"
1617
)
@@ -87,7 +88,11 @@ func CRRemoveDeletedFiles(id, baseDirectory, containerRootDirectory string) erro
8788
for _, deleteFile := range deletedFiles {
8889
// Using RemoveAll as deletedFiles, which is generated from 'podman diff'
8990
// lists completely deleted directories as a single entry: 'D /root'.
90-
if err := os.RemoveAll(filepath.Join(containerRootDirectory, deleteFile)); err != nil {
91+
path, err := securejoin.SecureJoin(containerRootDirectory, deleteFile)
92+
if err != nil {
93+
return fmt.Errorf("failed to resolve path %q in container %s: %w", deleteFile, id, err)
94+
}
95+
if err := os.RemoveAll(path); err != nil {
9196
return fmt.Errorf("failed to delete files from container %s during restore: %w", id, err)
9297
}
9398
}

0 commit comments

Comments
 (0)