in cmd/urunc/delete.go exactly this line https://github.com/urunc-dev/urunc/blob/main/cmd/urunc/delete.go#L65 we are contructing a container directory path and deleting it without any validation.
that could introduce some vulnerabilities. filepath.Join cleans the path resolving like .. . however it does not prevent the final path from exiting the rootDir.
if an attacker can control/influence the containerID through a malicious orchestration payload, or direct CLI usage they can inject path travel sequences. example filepath.Join("/run/urunc/", "../../../etc/cron.d")
fyi, runc does this exact same validation https://github.com/opencontainers/runc/blob/main/libcontainer/factory_linux.go#L192-L219
so its probably good for us to have that validation as well.
I'd be happy to help with this one.
in
cmd/urunc/delete.goexactly this line https://github.com/urunc-dev/urunc/blob/main/cmd/urunc/delete.go#L65 we are contructing a container directory path and deleting it without any validation.that could introduce some vulnerabilities.
filepath.Joincleans the path resolving like...however it does not prevent the final path from exiting the rootDir.if an attacker can control/influence the containerID through a malicious orchestration payload, or direct CLI usage they can inject path travel sequences. example
filepath.Join("/run/urunc/", "../../../etc/cron.d")fyi,
runcdoes this exact same validation https://github.com/opencontainers/runc/blob/main/libcontainer/factory_linux.go#L192-L219so its probably good for us to have that validation as well.
I'd be happy to help with this one.