server(filesystem): rebuild everything imaginable
This wonderfully large commit replaces basically everything under the `server/filesystem` package, re-implementing essentially everything. This is related to https://github.com/pterodactyl/wings/security/advisories/GHSA-494h-9924-xww9 If any vulnerabilities related to symlinks persist after this commit, I will be very upset. Signed-off-by: Matthew Penner <me@matthewp.io>
This commit is contained in:
@@ -12,6 +12,7 @@ import (
|
||||
"regexp"
|
||||
"strings"
|
||||
"sync"
|
||||
"sync/atomic"
|
||||
"text/template"
|
||||
"time"
|
||||
|
||||
@@ -20,6 +21,7 @@ import (
|
||||
"github.com/apex/log"
|
||||
"github.com/creasty/defaults"
|
||||
"github.com/gbrlsnchs/jwt/v3"
|
||||
"golang.org/x/sys/unix"
|
||||
"gopkg.in/yaml.v2"
|
||||
|
||||
"github.com/pterodactyl/wings/system"
|
||||
@@ -209,6 +211,8 @@ type SystemConfiguration struct {
|
||||
Backups Backups `yaml:"backups"`
|
||||
|
||||
Transfers Transfers `yaml:"transfers"`
|
||||
|
||||
OpenatMode string `default:"auto" yaml:"openat_mode"`
|
||||
}
|
||||
|
||||
type CrashDetection struct {
|
||||
@@ -671,3 +675,34 @@ func getSystemName() (string, error) {
|
||||
}
|
||||
return release["ID"], nil
|
||||
}
|
||||
|
||||
var openat2 atomic.Bool
|
||||
var openat2Set atomic.Bool
|
||||
|
||||
func UseOpenat2() bool {
|
||||
if openat2Set.Load() {
|
||||
return openat2.Load()
|
||||
}
|
||||
defer openat2Set.Store(true)
|
||||
|
||||
c := Get()
|
||||
openatMode := c.System.OpenatMode
|
||||
switch openatMode {
|
||||
case "openat2":
|
||||
openat2.Store(true)
|
||||
return true
|
||||
case "openat":
|
||||
openat2.Store(false)
|
||||
return false
|
||||
default:
|
||||
fd, err := unix.Openat2(unix.AT_FDCWD, "/", &unix.OpenHow{})
|
||||
if err != nil {
|
||||
log.WithError(err).Warn("error occurred while checking for openat2 support, falling back to openat")
|
||||
openat2.Store(false)
|
||||
return false
|
||||
}
|
||||
_ = unix.Close(fd)
|
||||
openat2.Store(true)
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user