Data

Tools

Indexes

Applications

Experiments

Packages

An open API service providing package, version and dependency metadata of many open source software ecosystems and registries.

Top 2.3% on proxy.golang.org
Top 0.1% dependent packages on proxy.golang.org
Top 0.1% dependent repos on proxy.golang.org
Top 6.3% forks on proxy.golang.org
Top 0.1% docker downloads on proxy.golang.org

proxy.golang.org : github.com/cyphar/filepath-securejoin

Package securejoin implements a set of helpers to make it easier to write Go code that is safe against symlink-related escape attacks. The primary idea is to let you resolve a path within a rootfs directory as if the rootfs was a chroot. securejoin has two APIs, a "legacy" API and a "modern" API. The legacy API is SecureJoin and SecureJoinVFS. These methods are **not** safe against race conditions where an attacker changes the filesystem after (or during) the SecureJoin operation. The new API is available in the pathrs-lite subpackage, and provide protections against racing attackers as well as several other key protections against attacks often seen by container runtimes. As the name suggests, pathrs-lite is a stripped down (pure Go) reimplementation of libpathrs. The main APIs provided are OpenInRoot, MkdirAll, and procfs.Handle -- other APIs are not planned to be ported. The long-term goal is for users to migrate to libpathrs which is more fully-featured. securejoin has been used by several container runtimes (Docker, runc, Kubernetes, etc) for quite a few years as a de-facto standard for operating on container filesystem paths "safely". However, most users still use the legacy API which is unsafe against various attacks (there is a fairly long history of CVEs in dependent as a result). Users should switch to the modern API as soon as possible (or even better, switch to libpathrs). This project was initially intended to be included in the Go standard library, but it was rejected (see https://go.dev/issue/20126). Much later, os.Root was added to the Go stdlib that shares some of the goals of filepath-securejoin. However, its design is intended to work like openat2(RESOLVE_BENEATH) which does not fit the usecase of container runtimes and most system tools.

Registry - Source - Documentation - JSON
purl: pkg:golang/github.com/cyphar/filepath-securejoin
Keywords: filesystem , golang , proposal , symlink
License: BSD-3-Clause,MPL-2.0
Latest release: 29 days ago
First release: over 8 years ago
Namespace: github.com/cyphar
Dependent packages: 5,997
Dependent repositories: 21,974
Stars: 102 on GitHub
Forks: 21 on GitHub
Docker dependents: 5,065
Docker downloads: 19,714,523,969
Total Commits: 109
Committers: 8
Average commits per author: 13.625
Development Distribution Score (DDS): 0.358
More commit stats: commits.ecosyste.ms
See more repository details: repos.ecosyste.ms
Last synced: 4 days ago

    Loading...
    Readme
    Loading...