question: sandbox for following symlinks

It looks there is differences about handling symlinks between uvwasi and wasmtime.

Assuming #224 was merged and given the file path is `/var/dir/file` and sandbox root is `/var/dir`:

| Link Target \ Runtime | wasmtime | uvwasi |                                                (memo)                                                |
|:---------------------:|:--------:|:------:|:----------------------------------------------------------------------------------------------------:|
|  **`/var/dir/file`**  |  **NG**  | **OK** |                          wasmtime prohibits absolute paths without exception                         |
|        `./file`       |    OK    |   OK   |                                                                                                      |
|       `../file`       |    NG    |   NG   |                                        not in the sandbox root                                       |
|   **`../dir/file`**   |  **NG**  | **OK** | wasmtime prohibits relative paths referencing a path that once deviates from the root of the sandbox |

I'd like to know whether this is expected behavior for uvwasi.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

question: sandbox for following symlinks #226

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Link Target \ Runtime	wasmtime	uvwasi	(memo)
`/var/dir/file`	NG	OK	wasmtime prohibits absolute paths without exception
`./file`	OK	OK
`../file`	NG	NG	not in the sandbox root
`../dir/file`	NG	OK	wasmtime prohibits relative paths referencing a path that once deviates from the root of the sandbox

Uh oh!

question: sandbox for following symlinks #226

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions