Forcing file operations under a directory

Discussion in 'Ruby' started by Michael Schuerig, Nov 21, 2007.

  1. I'm looking for a way to force file operations under a given root
    directory. Somewhat similar to chroot, but purely in Ruby.

    For the surface syntax I have in mind something like this

    File.with_root '/var/tmp/safe_place' do
    File.open('../../etc/passwd', 'w') do |f|
    f.puts 'Let's try it...' # No! -> Exception
    end
    end

    I have, unfortunately, no clear idea how to implement File#with_root.
    I'm not even sure it's possible, or possible without an inordinate
    amount of work.

    My concrete problem is rather more mundane and can probably be solved
    easier. I have uploaded file data and paths where they ought to be
    stored. I'd like to make sure that they don't escape from underneath
    the top-level directory where they are supposed to stay.

    Michael

    --
    Michael Schuerig
    mailto:
    http://www.schuerig.de/michael/
    Michael Schuerig, Nov 21, 2007
    #1
    1. Advertising

  2. Michael Schuerig

    ara.t.howard Guest

    On Nov 21, 2007, at 4:15 PM, Michael Schuerig wrote:

    >
    > I'm looking for a way to force file operations under a given root
    > directory. Somewhat similar to chroot, but purely in Ruby.
    >
    > For the surface syntax I have in mind something like this
    >
    > File.with_root '/var/tmp/safe_place' do
    > File.open('../../etc/passwd', 'w') do |f|
    > f.puts 'Let's try it...' # No! -> Exception
    > end
    > end
    >
    > I have, unfortunately, no clear idea how to implement File#with_root.
    > I'm not even sure it's possible, or possible without an inordinate
    > amount of work.
    >
    > My concrete problem is rather more mundane and can probably be solved
    > easier. I have uploaded file data and paths where they ought to be
    > stored. I'd like to make sure that they don't escape from underneath
    > the top-level directory where they are supposed to stay.
    >
    > Michael
    >
    > --
    > Michael Schuerig
    > mailto:
    > http://www.schuerig.de/michael/
    >




    Dir.chdir '/var/tmp/safe_place' do

    ....

    end


    a @ http://codeforpeople.com/
    --
    share your knowledge. it's a way to achieve immortality.
    h.h. the 14th dalai lama
    ara.t.howard, Nov 22, 2007
    #2
    1. Advertising

  3. Michael Schuerig

    Xavier Noria Guest

    On Nov 22, 2007, at 1:09 AM, ara.t.howard wrote:

    > Dir.chdir '/var/tmp/safe_place' do
    >
    > ....
    >
    > end


    That changes the cwd, the OP wants the block to believe that /var/tmp/
    safe_place is /. Dir.entries("/") should list /var/tmp/safe_place,
    system("ls /") I guess should do the same.

    I it needs a system-level solution.

    -- fxn
    Xavier Noria, Nov 22, 2007
    #3
  4. Michael Schuerig

    Xavier Noria Guest

    On Nov 22, 2007, at 12:15 AM, Michael Schuerig wrote:

    > My concrete problem is rather more mundane and can probably be solved
    > easier. I have uploaded file data and paths where they ought to be
    > stored. I'd like to make sure that they don't escape from underneath
    > the top-level directory where they are supposed to stay.


    To accomplish this you sanitize the filename, then compute
    File.expand_path inside a Dir.chdir block (if relative filenames are
    allowed), and check whether the result is out of the root via String
    comparisons on the names (regexps, etc.)

    -- fxn
    Xavier Noria, Nov 22, 2007
    #4
  5. On Thursday 22 November 2007, Xavier Noria wrote:
    > On Nov 22, 2007, at 12:15 AM, Michael Schuerig wrote:
    > > My concrete problem is rather more mundane and can probably be
    > > solved easier. I have uploaded file data and paths where they ought
    > > to be stored. I'd like to make sure that they don't escape from
    > > underneath the top-level directory where they are supposed to stay.

    >
    > To accomplish this you sanitize the filename, then compute
    > File.expand_path inside a Dir.chdir block (if relative filenames are
    > allowed), and check whether the result is out of the root via String
    > comparisons on the names (regexps, etc.)


    Yes, thanks, that's more or less what I'm doing now and relative
    filenames are disallowed anyway.

    Michael

    --
    Michael Schuerig
    mailto:
    http://www.schuerig.de/michael/
    Michael Schuerig, Nov 22, 2007
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jack Wright
    Replies:
    1
    Views:
    454
    sonikchopra
    Apr 19, 2005
  2. Jesus M. Salvo Jr.
    Replies:
    2
    Views:
    3,882
    robert
    Feb 11, 2006
  3. Larry
    Replies:
    0
    Views:
    374
    Larry
    Jan 8, 2004
  4. Brett  Kelly
    Replies:
    1
    Views:
    649
    Steve C. Orr [MVP, MCSD]
    Jun 16, 2006
  5. Replies:
    1
    Views:
    2,352
Loading...

Share This Page