Skip to content

v0.3.3
Compare
Choose a tag to compare
@cyphar cyphar released this 30 Sep 14:23
· 13 commits to main since this release
v0.3.3
This tag was signed with the committer’s verified signature.
cyphar Aleksa Sarai
GPG key ID: 2897FAD2B7E9446F
Learn about vigilant mode.
93cff46
This commit was signed with the committer’s verified signature.
cyphar Aleksa Sarai
GPG key ID: 2897FAD2B7E9446F
Learn about vigilant mode.

This release primarily includes fixes for spurious errors we hit when
checking that directories created by MkdirAll "look right". Upon further
consideration, these checks were fundamentally buggy and didn't offer
any practical protection anyway.

  • The mode and owner verification logic in MkdirAll has been removed. This
    was originally intended to protect against some theoretical attacks but upon
    further consideration these protections don't actually buy us anything and
    they were causing spurious errors with more complicated filesystem setups.
  • The "is the created directory empty" logic in MkdirAll has also been
    removed. This was not causing us issues yet, but some pseudofilesystems (such
    as cgroup) create non-empty directories and so this logic would've been
    wrong for such cases.

Thanks to all of the contributors who made this release possible:

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

Assets 2
Loading