cjihrig
commented
1 month ago @yagehu it would be fantastic if you could implement the openat() algorithm used by WASI for sandboxing. There is some discussion about it in https://github.com/libuv/libuv/issues/4167. You could implement it directly in uvwasi if you don't want to send a PR to libuv. If that were implemented, I believe we could revert https://github.com/nodejs/uvwasi/commit/1da5f325af83d80fae20da75cdcfa1b308c50ada
path_openan absolute path should error. This behavior is consistent amongst Wasmtime, WasmEdge, Wazero, WAMR. Fixing this does not break clients using wasi-libc as it already strips the prefix by matching the path with the appropriate preopened directory.WASI folks have also stated absolute path should not work at the raw WASI level. https://github.com/WebAssembly/WASI/issues/374