Forcing file operations under a directory

I’m looking for a way to force file operations under a given root
directory. Somewhat similar to chroot, but purely in Ruby.

For the surface syntax I have in mind something like this

File.with_root '/var/tmp/safe_place' do
  File.open('../../etc/passwd', 'w') do |f|
    f.puts "Let's try it..." # No! -> Exception
  end
end

I have, unfortunately, no clear idea how to implement File#with_root.
I’m not even sure it’s possible, or possible without an inordinate
amount of work.

My concrete problem is rather more mundane and can probably be solved
easier. I have uploaded file data and paths where they ought to be
stored. I’d like to make sure that they don’t escape from underneath
the top-level directory where they are supposed to stay.

Michael

On Nov 21, 2007, at 4:15 PM, Michael S. wrote:

end
Michael


Michael S.
Michael Schürig | Sentenced to making sense

Dir.chdir '/var/tmp/safe_place' do

end

a @ http://codeforpeople.com/

On Nov 22, 2007, at 1:09 AM, ara.t.howard wrote:

Dir.chdir '/var/tmp/safe_place' do

end

That changes the cwd, the OP wants the block to believe that
/var/tmp/safe_place is /. Dir.entries("/") should list /var/tmp/safe_place,
system("ls /") I guess should do the same.

I think it needs a system-level solution.

– fxn

On Nov 22, 2007, at 12:15 AM, Michael S. wrote:

My concrete problem is rather more mundane and can probably be solved
easier. I have uploaded file data and paths where they ought to be
stored. I’d like to make sure that they don’t escape from underneath
the top-level directory where they are supposed to stay.

To accomplish this you sanitize the filename, then compute
File.expand_path inside a Dir.chdir block (if relative filenames are
allowed), and check whether the result is out of the root via String
comparisons on the names (regexps, etc.)

– fxn
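
The check described in the reply above (expand the name against the root, then compare prefixes), written out as an added Ruby example that is not code from the thread. `resolve_under_root`, `inside?` and `PathEscapeError` are hypothetical names, POSIX paths are assumed, and the symlink step goes beyond the plain string comparison the reply mentions.

```ruby
class PathEscapeError < StandardError; end

# True if path is root itself or lies beneath it. The trailing separator
# keeps "/var/tmp/safe_place" from matching "/var/tmp/safe_place_evil".
def inside?(root, path)
  path == root || path.start_with?(root.chomp("/") + "/")
end

# Map an untrusted relative upload name to an absolute path under root,
# or raise PathEscapeError if it would land anywhere else.
def resolve_under_root(root, untrusted)
  name = untrusted.to_s
  raise PathEscapeError, "empty path" if name.empty?
  raise PathEscapeError, "NUL byte in path" if name.include?("\0")
  # Absolute names are disallowed; "~" is rejected because
  # File.expand_path would expand it to a home directory.
  raise PathEscapeError, "absolute or ~ path" if name.start_with?("/", "~")

  root_real = File.realpath(root) # the root must already exist
  # expand_path resolves against root_real without a Dir.chdir and
  # collapses "." and ".." purely lexically.
  candidate = File.expand_path(name, root_real)
  unless inside?(root_real, candidate) && candidate != root_real
    raise PathEscapeError, "#{name.inspect} escapes #{root_real}"
  end

  # The lexical check cannot see symlinks: resolve the deepest component
  # that already exists and require that it is still under the root.
  existing = candidate
  existing = File.dirname(existing) until File.exist?(existing)
  unless inside?(root_real, File.realpath(existing))
    raise PathEscapeError, "#{name.inspect} leaves #{root_real} via a symlink"
  end
  candidate
end
```

This is a check-then-use test, so it only holds if untrusted parties cannot create or replace entries under the root between the check and the write.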

On Thursday 22 November 2007, Xavier N. wrote:

To accomplish this you sanitize the filename, then compute
File.expand_path inside a Dir.chdir block (if relative filenames are
allowed), and check whether the result is out of the root via String
comparisons on the names (regexps, etc.)

Yes, thanks, that’s more or less what I’m doing now and relative
filenames are disallowed anyway.

Michael