Story #6335

As a Pulp administrator, I have a setting to mark which areas of the filesystem are safe for export

Added by daviddavis about 1 year ago. Updated about 1 year ago.

Status: CLOSED - CURRENTRELEASE
Priority: Normal
Assignee:
Category: -
Sprint/Milestone:
Start date:
Due date:
% Done: 100%
Estimated time:
Platform Release:
Groomed: Yes
Sprint Candidate: Yes
Tags:
Sprint: Sprint 69
Quarter:

Description

The Concern

Using the file system exporter, users can export to any path on the file system that the pulp worker has access to. This is not safe between users and not safe for a Pulp administrator.

The solution

A new setting named ALLOWED_EXPORT_PATHS will be introduced. This will be the "brother" to the ALLOWED_IMPORT_PATHS setting from Issue 5974 except for restricting exports instead of imports.

The default

By default you can't export anywhere, for security reasons. So the default will be ALLOWED_EXPORT_PATHS = [].

Examples

If configured with ALLOWED_EXPORT_PATHS = ["/mnt/exports", "/var/lib/pulp/exports"], you could export to any realpath that is at, or a subpath of, either /mnt/exports/ or /var/lib/pulp/exports.

So these would be allowed:

/mnt/exports/foo/
/mnt/exports/bar/../
/mnt/exports/
/var/lib/pulp/exports/asdf/

These would not be allowed:

/some/other/dir/
/mnt/exports/../

Where to enforce and validate?

Validation should occur at Exporter runtime, in BaseExporter.

Using realpath

We should use Python's realpath to handle any .. or attempts to break out of the path. realpath should be used before the path check happens.
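
The check described above, as an added example (not Pulp's own code and not from the linked revision): the helper names `is_export_allowed` and `symlink_escape_allowed` are hypothetical, and resolving the allowed roots with realpath as well is an assumption of this sketch. It runs the issue's own example paths plus two constructed cases, a sibling directory sharing a name prefix and a symlink that leaves the allowed root.

```python
import os
import tempfile


def is_export_allowed(path, allowed_export_paths):
    """Return True if path resolves to, or beneath, one of the allowed roots."""
    # realpath first: collapses ".." and follows symlinks, so the comparison
    # is made on the location that would actually be written to.
    real = os.path.realpath(path)
    for root in allowed_export_paths:
        # Assumption of this example: allowed roots are resolved too, so a
        # root that is itself reached through a symlink still matches.
        real_root = os.path.realpath(root)
        # commonpath compares whole path components; a plain startswith()
        # would wrongly accept /mnt/exports-old for the root /mnt/exports.
        if os.path.commonpath([real, real_root]) == real_root:
            return True
    return False  # an empty list (the default) denies every export


def symlink_escape_allowed():
    """Constructed case: a symlink inside an allowed root pointing outside it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "exports")
        outside = os.path.join(tmp, "outside")
        os.mkdir(root)
        os.mkdir(outside)
        os.symlink(outside, os.path.join(root, "link"))
        return is_export_allowed(os.path.join(root, "link", "dump"), [root])


if __name__ == "__main__":
    allowed = ["/mnt/exports", "/var/lib/pulp/exports"]
    samples = [
        "/mnt/exports/foo/", "/mnt/exports/bar/../", "/mnt/exports/",
        "/var/lib/pulp/exports/asdf/", "/some/other/dir/", "/mnt/exports/../",
        "/mnt/exports-old/x",  # constructed: shares a string prefix only
    ]
    for p in samples:
        print(f"{p:32} allowed={is_export_allowed(p, allowed)}")
    print("symlink escape allowed:", symlink_escape_allowed())
```
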

Associated revisions

Revision 8f39ea9b
Added by daviddavis about 1 year ago

Added ALLOWED_EXPORT_PATHS setting

fixes #6335

History

#1 Updated by fao89 about 1 year ago

  • Tracker changed from Issue to Story
  • % Done set to 0
  • Sprint Candidate changed from No to Yes

#2 Updated by bmbouter about 1 year ago

  • Subject changed from Users can export to any file path to As a Pulp administrator, I have a setting to mark which areas of the filesystem are safe for export
  • Description updated (diff)

#3 Updated by bmbouter about 1 year ago

  • Description updated (diff)

#4 Updated by daviddavis about 1 year ago

  • Groomed changed from No to Yes

#5 Updated by rchan about 1 year ago

  • Sprint set to Sprint 69

#6 Updated by daviddavis about 1 year ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to daviddavis

#7 Updated by pulpbot about 1 year ago

  • Status changed from ASSIGNED to POST

#8 Updated by daviddavis about 1 year ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100

#9 Updated by ttereshc about 1 year ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE
  • Sprint/Milestone set to 3.3.0
