GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → openSUSE → Libpathrs

openSUSE / Libpathrs

Licence: lgpl-3.0
C-friendly API to make path resolution safer on Linux.

Programming Languages

rust
11053 projects

Labels

linuxcontainerssecurity-hardening

Projects that are alternatives of or similar to Libpathrs

Karn
Simplifying Seccomp enforcement in containerized or non-containerized apps
Stars: ✭ 104 (+121.28%)
Mutual labels:  security-hardening, containers
Kapo
Wrap any command in a status socket
Stars: ✭ 45 (-4.26%)
Mutual labels:  containers
Addon Lxdone
Allows OpenNebula to manage Linux Containers via LXD
Stars: ✭ 36 (-23.4%)
Mutual labels:  containers
Cilium
eBPF-based Networking, Security, and Observability
Stars: ✭ 10,256 (+21721.28%)
Mutual labels:  containers
Mesos Cli
Alternative Apache Mesos CLI
Stars: ✭ 37 (-21.28%)
Mutual labels:  containers
Drupal Nginx Php Kubernetes
Demonstration of a set of NGINX and PHP-FPM containers running Drupal deployed to Kubernetes on the IBM Container Service. This is a work in progress.
Stars: ✭ 43 (-8.51%)
Mutual labels:  containers
Centos7 S2i Nodejs
DEPRECATED OpenShift S2I builder images for Node.js ✨
Stars: ✭ 34 (-27.66%)
Mutual labels:  containers
Phobos
The standard library of the D programming language
Stars: ✭ 1,038 (+2108.51%)
Mutual labels:  containers
Csi Gcs
Kubernetes CSI driver for Google Cloud Storage
Stars: ✭ 44 (-6.38%)
Mutual labels:  containers
Clair
Vulnerability Static Analysis for Containers
Stars: ✭ 8,356 (+17678.72%)
Mutual labels:  containers
Sentry
Kubernetes Object Validating Admission Controller
Stars: ✭ 40 (-14.89%)
Mutual labels:  containers
Crun
A fast and lightweight fully featured OCI runtime and C library for running containers
Stars: ✭ 990 (+2006.38%)
Mutual labels:  containers
Dockerfiles
Docker Projects Collection
Stars: ✭ 43 (-8.51%)
Mutual labels:  containers
Dedockify
Reverse engineer Docker images into Dockerfiles.
Stars: ✭ 36 (-23.4%)
Mutual labels:  containers
Minit
minimalist init implementation for containers
Stars: ✭ 45 (-4.26%)
Mutual labels:  containers
Verwalter
A tool which manages cluster of services
Stars: ✭ 34 (-27.66%)
Mutual labels:  containers
Amazon Vpc Cni Plugins
VPC CNI plugins for Amazon ECS and EKS.
Stars: ✭ 39 (-17.02%)
Mutual labels:  containers
Nagios Plugins Linux
🐧 Nagios Plugins for Linux
Stars: ✭ 42 (-10.64%)
Mutual labels:  containers
Bitrix24 Docker
Docker веб-окружение для разработки решений на базе 1С-Битрикс Корпоративный портал
Stars: ✭ 47 (+0%)
Mutual labels:  containers
Nff Go
NFF-Go -Network Function Framework for GO (former YANFF)
Stars: ✭ 1,036 (+2104.26%)
Mutual labels:  containers
View All Similar Projects ➔

libpathrs

build status docs dependency status

License: LGPL-3.0-or-later

This library implements a set of C-friendly APIs (written in Rust) to make path resolution within a potentially-untrusted directory safe on GNU/Linux. There are countless examples of security vulnerabilities caused by bad handling of paths (symlinks make the issue significantly worse).

I have been working on kernel patches to make this trivial to do safely (which morphed into a new syscall), but in order to safely use the new kernel API you need to restructure how you handle paths quite significantly. Since a restructure is necessary anyway, having a new library is not too much of a downside. In addition, this gives us the ability to implement the core safety features through userspace emulation on older kernels.

Example

Here is a toy example of using this library to open a path (/etc/passwd) inside a root filesystem (/path/to/root) safely. More detailed examples can be found in examples/ and tests/.

#include <pathrs.h>

int get_my_fd(void)
{
	const char *root_path = "/path/to/root";
	const char *unsafe_path = "/etc/passwd";

	int fd = -1;
	pathrs_root_t *root = NULL;
	pathrs_handle_t *handle = NULL;
	pathrs_error_t *error = NULL;

	root = pathrs_open(root_path);
	error = pathrs_error(PATHRS_ROOT, root);
	if (error)
		goto err;

	handle = pathrs_resolve(root, unsafe_path);
	error = pathrs_error(PATHRS_ROOT, root);
	if (error) /* or (!handle) */
		goto err;

	fd = pathrs_reopen(handle, O_RDONLY);
	error = pathrs_error(PATHRS_HANDLE, handle);
	if (error) /* or (fd < 0) */
		goto err;

err:
	if (error)
		fprintf(stderr, "Uh-oh: %s (errno=%d)\n", error->description, error->saved_errno);
	pathrs_free(PATHRS_ROOT, root);
	pathrs_free(PATHRS_HANDLE, handle);
	pathrs_free(PATHRS_ERROR, error);
	return fd;
}

License

libpathrs is licensed under the GNU LGPLv3 (or any later version).

libpathrs: safe path resolution on Linux
Copyright (C) 2019, 2020 Aleksa Sarai <[email protected]>
Copyright (C) 2019, 2020 SUSE LLC

This program is free software: you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License as published by the Free
Software Foundation, either version 3 of the License, or (at your option) any
later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU Lesser General Public License along
with this program. If not, see <https://www.gnu.org/licenses/>.
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].