Skip to content

libpathrs v0.1.1 -- "頒布と聞いたら蛇に睨まれた蛙になるよ"
Compare
Choose a tag to compare
@cyphar cyphar released this 02 Oct 02:01
· 205 commits to main since this release
v0.1.1
This tag was signed with the committer’s verified signature.
cyphar Aleksa Sarai
GPG key ID: 2897FAD2B7E9446F
Verified
Learn about vigilant mode.
8d0569a
This commit was signed with the committer’s verified signature.
cyphar Aleksa Sarai
GPG key ID: 2897FAD2B7E9446F
Verified
Learn about vigilant mode.

This is the first patch release of the 0.1.z branch of libpathrs. The
primary fixes are related to packaging the Python libpathrs bindings for
distributions.

  • procfs: add support for operating on files in the /proc root (or other
    processes) with ProcfsBase::ProcRoot.

    While the cached file descriptor shouldn't leak into containers (container
    runtimes know to set PR_SET_DUMPABLE, and our cached file descriptor is
    O_CLOEXEC), I felt a little uncomfortable about having a global unmasked
    procfs handle sitting around in libpathrs. So, in order to avoid making a
    file descriptor leak by a libpathrs user catastrophic, libpathrs will
    always try to use a "limited" procfs handle as the global cached handle
    (which is much safer to leak into a container) and for operations on
    ProcfsBase::ProcRoot, a temporary new "unrestricted" procfs handle is
    created just for that operartion. This is more expensive, but it avoids a
    potential leak turning into a breakout or other nightmare scenario.

  • python bindings: The cffi build script is now a little easier to use for
    distributions that want to build the python bindings at the same time as the
    main library. After compiling the library, set the PATHRS_SRC_ROOT
    environment variable to the root of the libpathrs source directory. This
    will instruct the cffi build script (when called from setup.py or
    python3 -m build) to link against the library built in the source directory
    rather than using system libraries. As long as you install the same library
    later, this should cause no issues.

    Standard wheel builds still work the same way, so users that want to link
    against the system libraries don't need to make any changes.

  • Root::mkdir_all no longer does strict verification that directories craeted
    by mkdir_all "look right" after opening each component. These checks didn't
    protect against any practical attack (since an attacker could just get us to
    use a directory by creating it before Root::mkdir_all and we would happily
    use it) and just resulted in spurious errors when dealing with complicated
    filesystem configurations (POSIX ACLs, weird filesystem-specific mount
    options). (#71)

  • capi: Passing invalid pathrs_proc_base_t values to pathrs_proc_* will now
    return an error rather than resulting in Undefined Behaviour™.

Thanks to the following people who made this release possible:

Signed-off-by: Aleksa Sarai [email protected]

Assets 2
Loading