Lib.rs

libpathrs

此库实现了一套 C 语言风格的 API（用 Rust 编写），使在 GNU/Linux 中解析潜在不可信目录中的路径更加安全。由于路径处理不当而导致的许多安全漏洞的例子。

我一直在致力于内核补丁，使其能够安全地执行此操作（这演变成了一个新的系统调用），但是为了安全地使用新的内核 API，您需要相当大幅度地重新构建您处理路径的方式。由于重构是必要的，因此拥有一个新的库并不是太大的缺点。此外，这还使我们能够在较旧的内核上通过用户空间模拟实现核心安全功能。

示例

以下是一个使用此库安全地在根文件系统（/path/to/root）中打开路径（/etc/passwd）的玩具示例。更详细的示例可以在 examples/ 和 tests/ 中找到。

#include <pathrs.h>

int get_my_fd(void)
{
	const char *root_path = "/path/to/root";
	const char *unsafe_path = "/etc/passwd";

	int fd = -1;
	pathrs_root_t *root = NULL;
	pathrs_handle_t *handle = NULL;
	pathrs_error_t *error = NULL;

	root = pathrs_open(root_path);
	error = pathrs_error(PATHRS_ROOT, root);
	if (error)
		goto err;

	handle = pathrs_resolve(root, unsafe_path);
	error = pathrs_error(PATHRS_ROOT, root);
	if (error) /* or (!handle) */
		goto err;

	fd = pathrs_reopen(handle, O_RDONLY);
	error = pathrs_error(PATHRS_HANDLE, handle);
	if (error) /* or (fd < 0) */
		goto err;

err:
	if (error)
		fprintf(stderr, "Uh-oh: %s (errno=%d)\n", error->description, error->saved_errno);
	pathrs_free(PATHRS_ROOT, root);
	pathrs_free(PATHRS_HANDLE, handle);
	pathrs_free(PATHRS_ERROR, error);
	return fd;
}

许可证

libpathrs 使用 GNU LGPLv3 许可证（或任何更高版本）。

libpathrs: safe path resolution on Linux
Copyright (C) 2019, 2020 Aleksa Sarai <cyphar@cyphar.com>
Copyright (C) 2019, 2020 SUSE LLC

This program is free software: you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License as published by the Free
Software Foundation, either version 3 of the License, or (at your option) any
later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU Lesser General Public License along
with this program. If not, see <https://www.gnu.org/licenses/>.