Deniz Onur Duzgun 0f7b8698ec security: fix write symlink escape on the same allocdir path (#23738) ...

Resolves symlink escape when unarchiving by removing existing paths within the same allocation directory which can occur by writing a header that points to a symlink that lives outside of the sandbox environment. This exploit requires first compromising the Nomad client agent at the source allocation.

Ref: https://hashicorp.atlassian.net/browse/NET-10607
Ref: https://github.com/hashicorp/nomad-enterprise/pull/1725

2024-08-05 16:23:27 -04:00

6.4 KiB

Raw Permalink Blame History

View Raw