Story #6335
closedAs a Pulp administrator, I have a setting to mark which areas of the filesystem are safe for export
100%
Description
The Concern¶
Using the file system exporter, users can export to any path on the file system that the pulp worker has access to. This is not safe between users and not safe for a Pulp administrator.
The solution¶
A new setting named ALLOWED_EXPORT_PATHS
will be introduced. This will be the "brother" to the ALLOWED_IMPORT_PATHS
setting from Issue 5974 except for restricting exports instead of imports.
The default¶
By default you can't export anywhere for security reasons. So the default will be ALLOWED_EXPORT_PATHS = []
Examples¶
If configured with ALLOWED_EXPORT_PATHS = ["/mnt/exports", "/var/lib/pulp/exports"]
you could export to any realpath that is at or a subpath of either /mnt/exports/
or /var/lib/pulp/exports
.
So these would be allowed:
/mnt/exports/foo/
/mnt/exports/bar/../
/mnt/exports/
/var/lib/pulp/exports/asdf/
These would not be allowed:
/some/other/dir/
/mnt/exports/../
Where to enforce and validate?¶
Validation should occur at Exporter runtime and occur at BaseExporter.
using realpath¶
We should use Python's realpath to handle any ..
or attempts to break out of the path. realpath
should be used before the path check happens.
Updated by fao89 almost 5 years ago
- Tracker changed from Issue to Story
- % Done set to 0
- Sprint Candidate changed from No to Yes
Updated by bmbouter almost 5 years ago
- Subject changed from Users can export to any file path to As a Pulp administrator, I have a setting to mark which areas of the filesystem are safe for export
- Description updated (diff)
Updated by daviddavis almost 5 years ago
- Status changed from NEW to ASSIGNED
- Assignee set to daviddavis
Updated by pulpbot over 4 years ago
- Status changed from ASSIGNED to POST
Added by daviddavis over 4 years ago
Updated by daviddavis over 4 years ago
- Status changed from POST to MODIFIED
- % Done changed from 0 to 100
Applied in changeset pulpcore|8f39ea9b3b632e5eaf6edde918f60a611ec9b951.
Updated by ttereshc over 4 years ago
- Status changed from MODIFIED to CLOSED - CURRENTRELEASE
- Sprint/Milestone set to 3.3.0
Added ALLOWED_EXPORT_PATHS setting
fixes #6335