-
-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(core): fix check temp path permission on mac os, fix #6256 #9588
Conversation
fe729b9
to
e170395
Compare
Will check this PR in the upcoming days but am wondering if https://github.com/tauri-apps/tauri/pull/9072/files#diff-903ee43f2eb846686e5baf219fc515ff00de27369cef1e81b37164de847d2e90 does fix the underlying issue, as it resolves symlinks now before checking. This is in |
@tweidinger I tested how path::is_symlink works, and seems it only checks the exact symbolic path, eg. use std::{
env,
path::PathBuf,
};
fn main() {
let p_var = PathBuf::from("/var");
println!("{:?}", p_var.is_symlink()); // => true
let p_var = env::temp_dir();
println!("{:?}", p_var.is_symlink()); // => false
} This means any subpath of a symbolic folder will return false, so https://github.com/tauri-apps/tauri/pull/9072/files#diff-903ee43f2eb846686e5baf219fc515ff00de27369cef1e81b37164de847d2e90 may not be able to fix subpath permission check. |
The issue happens because the allowed path is actually a symlink so the full path does not match the path we're checking against (which is canonicalized so it resolves to the actual folder). There is an easier way to fix this which is to canonicalize the temp dir when resolving the path variables. tauri/core/tauri/src/api/path.rs Line 296 in 44e3335
BaseDirectory::Temp => temp_dir().canonicalize().ok()
it's probably more secure this way since we would still check canonicalized paths in the end, resolving symlinks and path traversals cc @tweidinger |
1209298
to
106f612
Compare
Thanks for the guidance, done! |
When the user creates a temporary file, the js code should be like this: import { fs, path } from '@tauri-apps/api'
import { tempdir } from '@tauri-apps/api/os'
const tempFile = await path.join(await tempdir(), 'not-exits-file')
await fs.writeFile(tempFile, 'some data') it will use So, we may also change |
LGTM. The only blocker is that not all commits are signed @0x-jerry could you please amend signatures to previous commits or rewrite to a single commit? The history will be squashed into a single commit anyway. |
f4139c2
to
fa5d9ee
Compare
Done! |
close #6256