sysfs: clean paths lexically before use

internal/sysfs/dirfs.go

@@ -3,6 +3,8 @@ package sysfs
 import (
 	"io/fs"
 	"os"
+	"path"
+	"strings"
 
 	experimentalsys "github.com/tetratelabs/wazero/experimental/sys"
 	"github.com/tetratelabs/wazero/internal/platform"
@@ -12,7 +14,7 @@ import (
 func DirFS(dir string) experimentalsys.FS {
 	return &dirFS{
 		dir:        dir,
-		cleanedDir: ensureTrailingPathSeparator(dir),
+		cleanedDir: strings.TrimSuffix(dir, "/"),
 	}
 }
 
@@ -84,16 +86,21 @@ func (d *dirFS) Utimens(path string, atim, mtim int64) experimentalsys.Errno {
 	return utimens(d.join(path), atim, mtim)
 }
 
-func (d *dirFS) join(path string) string {
-	switch path {
-	case "", ".", "/":
-		if d.cleanedDir == "/" {
-			return "/"
+func (d *dirFS) join(name string) string {
+	// Lexically clean `name` to enforce that it always stays within the root
+	// hierarchy. This is necessary to avoid trivially escaping the root.
+	// See: https://github.com/tetratelabs/wazero/issues/2321
+	// TODO: this violates POSIX pathname resolution semantics.
+	// https://pubs.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap04.html#tag_04_11
+	cleanedName := path.Clean("/" + name)
+	if cleanedName == "/" {
+		if d.cleanedDir != "" {
+			return d.cleanedDir
 		}
-		// cleanedDir includes an unnecessary delimiter for the root path.
-		return d.cleanedDir[:len(d.cleanedDir)-1]
+		return "/"
 	}
-	// TODO: Enforce similar to safefilepath.FromFS(path), but be careful as
-	// relative path inputs are allowed. e.g. dir or path == ../
-	return d.cleanedDir + path
+	if strings.HasSuffix(name, "/") {
+		return d.cleanedDir + cleanedName + "/"
+	}
+	return d.cleanedDir + cleanedName
 }

internal/sysfs/dirfs_supported.go

@@ -5,6 +5,8 @@ package sysfs
 import (
 	"io/fs"
 	"os"
+	"path"
+	"strings"
 
 	experimentalsys "github.com/tetratelabs/wazero/experimental/sys"
 )
@@ -34,9 +36,16 @@ func (d *dirFS) Chmod(path string, perm fs.FileMode) experimentalsys.Errno {
 
 // Symlink implements the same method as documented on sys.FS
 func (d *dirFS) Symlink(oldName, link string) experimentalsys.Errno {
-	// Note: do not resolve `oldName` relative to this dirFS. The link result is always resolved
-	// when dereference the `link` on its usage (e.g. readlink, read, etc).
-	// https://github.com/bytecodealliance/cap-std/blob/v1.0.4/cap-std/src/fs/dir.rs#L404-L409
+	// Note: do not resolve `oldName` relative to this dirFS.
+	// The link result is always resolved on usage (e.g. readlink, read, etc).
+	// However, this trivially allows escaping the root mount point.
+	// See: https://github.com/tetratelabs/wazero/issues/2321
+	// So, lexically clean `oldName`, and enforce that it always points down
+	// the hierarchy.
+	oldName = path.Clean(oldName)
+	if strings.HasPrefix(oldName, "../") || strings.HasPrefix(oldName, "/") {
+		return experimentalsys.EFAULT
+	}
 	err := os.Symlink(oldName, d.join(link))
 	return experimentalsys.UnwrapOSError(err)
 }

internal/sysfs/dirfs_test.go

@@ -51,7 +51,7 @@ func TestDirFS_join(t *testing.T) {
 	require.Equal(t, ".", testFS.join(""))
 	require.Equal(t, ".", testFS.join("."))
 	require.Equal(t, ".", testFS.join("/"))
-	require.Equal(t, "."+string(os.PathSeparator)+"tmp", testFS.join("tmp"))
+	require.Equal(t, "./tmp", testFS.join("tmp"))
 }
 
 func TestDirFS_String(t *testing.T) {