d1c0ca5260
This wonderfully large commit replaces basically everything under the `server/filesystem` package, re-implementing essentially everything. This is related to https://github.com/pterodactyl/wings/security/advisories/GHSA-494h-9924-xww9 If any vulnerabilities related to symlinks persist after this commit, I will be very upset. Signed-off-by: Matthew Penner <me@matthewp.io>
50 lines
1.4 KiB
Go
50 lines
1.4 KiB
Go
// SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
// Code in this file was copied from `go/src/os/file_posix.go`.
|
|
|
|
// Copyright 2009 The Go Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the `go.LICENSE` file.
|
|
|
|
//go:build unix || (js && wasm) || wasip1 || windows
|
|
|
|
package ufs
|
|
|
|
import (
|
|
"golang.org/x/sys/unix"
|
|
)
|
|
|
|
// ignoringEINTR makes a function call and repeats it if it returns an
|
|
// EINTR error. This appears to be required even though we install all
|
|
// signal handlers with SA_RESTART: see https://go.dev/issue/22838,
|
|
// https://go.dev/issue/38033, https://go.dev/issue/38836,
|
|
// https://go.dev/issue/40846. Also, https://go.dev/issue/20400 and
|
|
// https://go.dev/issue/36644 are issues in which a signal handler is
|
|
// installed without setting SA_RESTART. None of these are the common case,
|
|
// but there are enough of them that it seems that we can't avoid
|
|
// an EINTR loop.
|
|
func ignoringEINTR(fn func() error) error {
|
|
for {
|
|
err := fn()
|
|
if err != unix.EINTR {
|
|
return err
|
|
}
|
|
}
|
|
}
|
|
|
|
// syscallMode returns the syscall-specific mode bits from Go's portable mode bits.
|
|
func syscallMode(i FileMode) (o FileMode) {
|
|
o |= i.Perm()
|
|
if i&ModeSetuid != 0 {
|
|
o |= unix.S_ISUID
|
|
}
|
|
if i&ModeSetgid != 0 {
|
|
o |= unix.S_ISGID
|
|
}
|
|
if i&ModeSticky != 0 {
|
|
o |= unix.S_ISVTX
|
|
}
|
|
// No mapping for Go's ModeTemporary (plan9 only).
|
|
return
|
|
}
|