-
Notifications
You must be signed in to change notification settings - Fork 266
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement proper path resolution #2323
Comments
FYI, it won't help you right now but https://go.dev/issue/67002 may be of interest. This is a proposal (which I'm hoping to land in Go 1.24, although no promises) to add openat-like functionality to the
It doesn't provide defense against non-symlink escapes (for example, if the directory tree includes a procfs filesystem, this won't defend against opening /proc/fd/*). I suspect that's not a concern for your case. One possible problem point is "the POSIX semantics WASI specifies". (Incidentally, do you have a reference for where this is specified? I was trying to find something definitive on whether WASI paths support backslash as a separator on Windows, and couldn't find anything.) The proposed APIs in https://go.dev/issue/67002 use the semantics of the local platform. That means that on Windows, paths can use backslashes as separators (minor) and there are some subtle differences in how .. and symlinks interact. (On Unix, "a/../b" will follow any symlink in "a". On Windows, paths are cleaned at the start of a lookup , so "a/../b" is exactly equivalent to just "b", and will work even if "a" doesn't exist at all.) I'd be very interested to know if there are any gaps in the proposal that would make it unsuitable as a foundation for wazero's file APIs. |
As for WASI being heavily inspired by POSIX just reading the README:
As for paths, I don't have a definitive answer to give you. That's the trouble with WASI, TBH. The path resolution document quite explicitly follows POSIX semantics, quite similar to Open Group, or Linux. But then you go through the repo and see open issues, in which our team has participated, which basically say that my previous strategy (of using So I don't know what to tell you. I decided to do nothing, because what we have now is behaving as documented. I do think WASI is converging into requiring emulating POSIX path resolution as closely as possible; and that if so, Hence this issue. But our stance is that we need to focus our limited manpower into implementing stable APIs. WASI is not there yet. Obviously, if the community needs improvements, there are ways to contribute. |
This is an umbrella issue intended to track the effort to implement the path resolution algorithm described by WASI filesystem.
As described prominently in our documentation, our current WASI filesystem implementation does not properly sandbox file system operations:
wazero/fsconfig.go
Lines 64 to 88 in 111c51a
For emphasis:
The reason for this is that it is hard to provide an implementation that is simulateously:
We have prioritized 1 and 2 over 3.
There's an ongoing effort to improve the situation, in #2254 and #2264 (thanks @yagehu).
This is challenging for various reasons. One is the wazero zero dependency policy that prevents us from using even
sys/unix
. Another is that this will introduce a performance regression, which can only be partially offset in certain platforms by specialization.The text was updated successfully, but these errors were encountered: