Closed scottmmorris closed 2 years ago
Tests need to be written for symlinks and also paths that use /../
anywhere to prevent the user escape the chroot.
This should affect the root inode and current directory state. You might need to generalise the protected constructor of EncryptedFS
.
What comes out should be a new EncryptedFS
instance, but one that shares the same FileDescriptorManager
, INodeManager
and DB
.
After some testing, I will need to change more than just the properties of the encrypted file system. I needed to change these lines in the navigate
function.
if (parse.segment === '..' && curdir === this.rootIno) {
target = curdir;
} else {
target = await this.iNodeMgr.dirGetEntry(tran, curdir, parse.segment);
}
Are hardlinks able to escape the chroot @CMCDragonkai ? The problem is that with hardlinks is that it doesn't use the navigate function
Yes hardlinks are fine. I don't think it's a problem.
But if you're in the chroot it won't be possible to hardlink something outside the chroot.
Only if you are in the root context would you be able to hardlink between vaults. And there isn't a secret operation to do this.
On 9/27/21 1:36 PM, Scott wrote:
Are hardlinks able to escape the chroot @CMCDragonkai https://github.com/CMCDragonkai ? The problem is that with hardlinks is that it doesn't use the navigate function
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/MatrixAI/js-encryptedfs/pull/54#issuecomment-927501339, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAE4OHJWZ5BVWFLNGL7VWN3UD7RENANCNFSM5EZPHLIA.
Ready for merge
Do you think chroot needs to be async? It seems like something that can be done synchronously.
Oh I see you're using a transaction nvm.
Description
This PR will introduce the
chroot
function into EFS. This function will return a reference to the existing EFS object with the root iNode changed to a specified path.Tasks
chroot
functionFinal checklist