security: fix audit findings across fs sandbox, IPC, grants, plugins, storage#30
Closed
All filesystem operations now re-verify that the resolved path still resides within the sandbox boundary after the file is opened/accessed. This narrows the TOCTOU window between safe_resolve() validation and the actual I/O syscall, preventing symlink-swap attacks that could escape the sandbox. Affected operations: read_file, read_file_text, write_file, read_dir, stat, exists, remove, rename, copy. The remove() path additionally double-checks ensure_not_symlink before remove_dir_all to guard against the most dangerous variant (recursive deletion outside the sandbox via symlink swap).
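The two-phase check this commit describes, as an added example written against std only (it is not the project's code in fs/resolve.rs or fs/mod.rs): `safe_resolve` validates and canonicalizes the path before any I/O, and `verify_opened` compares the opened handle (fstat) with the directory entry that now sits at the resolved path (lstat), so a symlink swapped in between the two shows up as a different inode. `demo_symlink_swap` stages the race in a temporary directory. The type and function names, the Unix-only inode comparison and the temp-dir layout are assumptions.

```rust
// Added example, not the project's code. Names (Sandbox, safe_resolve,
// verify_opened, read_file) follow the commit message but the bodies are
// assumptions; Unix only (inode comparison via MetadataExt).
use std::fs::{self, File};
use std::io::{self, Read};
use std::os::unix::fs::{symlink, MetadataExt};
use std::path::{Component, Path, PathBuf};
use std::time::{SystemTime, UNIX_EPOCH};

pub struct Sandbox {
    root: PathBuf,
}

fn denied(msg: &str) -> io::Error {
    io::Error::new(io::ErrorKind::PermissionDenied, msg.to_string())
}

impl Sandbox {
    pub fn new(root: &Path) -> io::Result<Self> {
        Ok(Self { root: fs::canonicalize(root)? })
    }

    /// Phase 1 (before I/O): reject absolute paths and `.`/`..`, then
    /// canonicalize so symlinks that already exist are resolved and confined.
    pub fn safe_resolve(&self, rel: &str) -> io::Result<PathBuf> {
        let rel = Path::new(rel);
        if !rel.components().all(|c| matches!(c, Component::Normal(_))) {
            return Err(denied("absolute path or dot component"));
        }
        let joined = self.root.join(rel);
        let canon = match fs::canonicalize(&joined) {
            Ok(p) => p,
            // Target may not exist yet (a write): canonicalize its parent instead.
            Err(_) => {
                let name = joined.file_name().ok_or_else(|| denied("empty path"))?;
                fs::canonicalize(joined.parent().unwrap_or(self.root.as_path()))?.join(name)
            }
        };
        if !canon.starts_with(&self.root) {
            return Err(denied("path escapes sandbox"));
        }
        Ok(canon)
    }

    /// Phase 2 (after open): the handle (fstat) must be the same inode as the
    /// entry now at `resolved` (lstat), and that entry must not be a symlink.
    /// A symlink swapped in after phase 1 makes the handle point outside while
    /// lstat reports a symlink with a different inode, so the swap is caught
    /// before any bytes are read or written.
    pub fn verify_opened(&self, file: &File, resolved: &Path) -> io::Result<()> {
        let opened = file.metadata()?;
        let entry = fs::symlink_metadata(resolved)?;
        if entry.file_type().is_symlink() || opened.dev() != entry.dev() || opened.ino() != entry.ino() {
            return Err(denied("path changed after resolution (symlink swap)"));
        }
        Ok(())
    }

    /// Pattern every operation follows: resolve, open, verify, then do I/O.
    pub fn read_file(&self, rel: &str) -> io::Result<Vec<u8>> {
        let resolved = self.safe_resolve(rel)?;
        let mut f = File::open(&resolved)?;
        self.verify_opened(&f, &resolved)?;
        let mut buf = Vec::new();
        f.read_to_end(&mut buf)?;
        Ok(buf)
    }
}

/// Stage the race in a constructed temp dir: resolve, swap the file for a
/// symlink to a file outside the sandbox, then open. Returns (read before
/// the swap, unverified read after the swap, verified read after the swap).
pub fn demo_symlink_swap() -> io::Result<(Vec<u8>, Vec<u8>, io::Result<Vec<u8>>)> {
    let nanos = SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_nanos();
    let base = std::env::temp_dir().join(format!("sbx-demo-{}-{nanos}", std::process::id()));
    let (root, outside) = (base.join("sandbox"), base.join("outside"));
    fs::create_dir_all(&root)?;
    fs::create_dir_all(&outside)?;
    fs::write(root.join("data.txt"), b"inside")?;
    fs::write(outside.join("secret.txt"), b"secret")?;

    let sb = Sandbox::new(&root)?;
    let before = sb.read_file("data.txt")?;

    // Phase 1 passes while data.txt is still a regular file...
    let resolved = sb.safe_resolve("data.txt")?;
    // ...then the attacker replaces it with a symlink before the open.
    fs::remove_file(&resolved)?;
    symlink(outside.join("secret.txt"), &resolved)?;

    let mut naive = Vec::new();
    File::open(&resolved)?.read_to_end(&mut naive)?; // no phase 2: reads the outside file

    let mut f = File::open(&resolved)?;
    let verified = match sb.verify_opened(&f, &resolved) {
        Ok(()) => { let mut b = Vec::new(); f.read_to_end(&mut b).map(|_| b) }
        Err(e) => Err(e),
    };
    fs::remove_dir_all(&base)?;
    Ok((before, naive, verified))
}
```

The post-open comparison narrows the window but does not close it: an attacker who swaps the symlink back after the open and before the lstat still wins. Opening with O_NOFOLLOW relative to a directory handle of the sandbox root (openat), or openat2 with RESOLVE_BENEATH on Linux 5.6+, removes the race rather than shrinking it.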
…ins, storage

IPC hardening:
- Add IPC_MAX_RESPONSE_BYTES (16MB) cap to prevent memory exhaustion from oversized handler return values
- Escape null bytes in JS string injection (escape_for_single_quoted_js)
- Protect __volt_response__ and __volt_event__ with Object.defineProperty (writable:false) to prevent interception by injected scripts
- Wrap IPC worker dispatch in catch_unwind to guarantee in-flight slot release even if a worker thread panics

Grant system:
- Replace predictable timestamp+counter grant IDs with SHA-256 based IDs using process entropy (PID, thread ID, heap ASLR address)
- Canonicalize grant paths at creation time to prevent symlink drift

Plugin security:
- Cap stderr capture at 256KB to prevent plugin-driven host OOM
- Sanitize plugin dialog titles: strip Unicode control characters and RTL overrides, truncate to 100 chars to prevent spoofing

Storage:
- Add 50MB per-plugin storage quota to prevent disk exhaustion

Path validation:
- Reject null bytes explicitly in validate_path (defense-in-depth)
- Check ALL path components for reserved device names, not just the last
- Add whitespace rejection to sanitize_dev_server_origin
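Three of the string checks this commit names (escaping for a single-quoted JS literal, dialog-title sanitization, and reserved-name checking across every path component), as an added example rather than the project's code. The function names match the commit message; their bodies, the exact character classes stripped from titles, and the `Result<(), String>` error shape are assumptions.

```rust
// Added example, not the project's code. Bodies and character sets are
// assumptions modelled on the commit message.

/// Escape `s` for interpolation inside a single-quoted JS string literal.
/// Beyond quote and backslash, this covers what ends a string or an inline
/// <script> even when quoting is correct: newlines, U+2028/U+2029, NUL, '<'.
pub fn escape_for_single_quoted_js(s: &str) -> String {
    let mut out = String::with_capacity(s.len() + 8);
    for c in s.chars() {
        match c {
            '\\' => out.push_str("\\\\"),
            '\'' => out.push_str("\\'"),
            '\n' => out.push_str("\\n"),
            '\r' => out.push_str("\\r"),
            '\0' => out.push_str("\\u0000"),       // never emit a raw NUL
            '\u{2028}' => out.push_str("\\u2028"), // JS line terminators
            '\u{2029}' => out.push_str("\\u2029"),
            '<' => out.push_str("\\x3c"),          // blocks </script> breakout
            c if (c as u32) < 0x20 => out.push_str(&format!("\\x{:02x}", c as u32)),
            c => out.push(c),
        }
    }
    out
}

/// Characters that rewrite how the surrounding text is displayed: bidi
/// embeddings/overrides/isolates, LRM/RLM, zero-width characters and the BOM.
/// With U+202E in place "Save txt.exe" renders as "Save exe.txt".
fn is_display_spoof(c: char) -> bool {
    matches!(c, '\u{202A}'..='\u{202E}' | '\u{2066}'..='\u{2069}' | '\u{200E}' | '\u{200F}'
        | '\u{200B}'..='\u{200D}' | '\u{FEFF}')
}

const MAX_TITLE_CHARS: usize = 100;

/// Strip control (Cc) and display-spoofing characters, cut to MAX_TITLE_CHARS
/// characters (not bytes, so a multi-byte character is never split), trim.
pub fn sanitize_dialog_title(title: &str) -> String {
    title.chars()
        .filter(|c| !c.is_control() && !is_display_spoof(*c))
        .take(MAX_TITLE_CHARS)
        .collect::<String>()
        .trim()
        .to_string()
}

/// Windows reserves these names in every path component, with any extension
/// and trailing spaces/dots ignored: "CON.txt", "com1 " and "dir/NUL/x" all
/// address the device, not a file.
fn is_reserved_device_name(component: &str) -> bool {
    let stem = component.split('.').next().unwrap_or("").trim_end_matches(|c| c == ' ' || c == '.');
    let upper = stem.to_ascii_uppercase();
    match upper.as_str() {
        "CON" | "PRN" | "AUX" | "NUL" => true,
        u if u.len() == 4 && (u.starts_with("COM") || u.starts_with("LPT")) => {
            matches!(u.as_bytes()[3], b'1'..=b'9')
        }
        _ => false,
    }
}

/// Reject NUL bytes (C-string APIs would silently truncate the path) and a
/// reserved device name in any component, not only the last one.
pub fn validate_path(p: &str) -> Result<(), String> {
    if p.contains('\0') {
        return Err("path contains a null byte".to_string());
    }
    for comp in p.split(|c| c == '/' || c == '\\') {
        if is_reserved_device_name(comp) {
            return Err(format!("reserved device name in component {comp:?}"));
        }
    }
    Ok(())
}
```

The title limit is applied in characters rather than bytes on purpose: truncating a UTF-8 string at a byte offset can split a multi-byte sequence and either panic or produce a replacement character that itself looks like spoofing.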
…storage)

IPC:
- Move rate limit check before native fast path execution so rate-limited requests are rejected without performing computation
- Reserve __volt_internal: prefix in addition to volt: to prevent user handler squatting on internal channels

Storage:
- Clean up orphaned .tmp files during reconciliation (previously only .val files were handled, leaving interrupted atomic writes behind)
- Gracefully recover from corrupted _index.json instead of failing all storage operations (log warning, start with empty index)
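The storage behaviour described in this commit and the per-plugin quota from the previous one, as an added example rather than the project's storage code: values are written through a `<key>.val.tmp` file and renamed into place, `set` enforces a byte quota against the size after the write, and `reconcile` removes orphaned `.tmp` files and rebuilds the index from the `.val` files that exist, logging a warning instead of failing when `_index.json` is unreadable. The on-disk layout, the tiny `["a","b"]` subset of JSON used for the index, and the 64-byte quota in the demo are assumptions.

```rust
// Added example, not the project's code. Layout, index format and names are
// assumptions modelled on the commit messages.
use std::fs;
use std::io;
use std::path::{Path, PathBuf};
use std::time::{SystemTime, UNIX_EPOCH};

pub struct PluginStore { dir: PathBuf, quota_bytes: u64 }

#[derive(Debug)]
pub struct Reconciled { pub removed_tmp: usize, pub keys: Vec<String>, pub index_was_corrupt: bool }

/// Keys become file names, so restrict them before they touch a path.
fn valid_key(k: &str) -> bool {
    !k.is_empty() && k.len() <= 64 && k.chars().all(|c| c.is_ascii_alphanumeric() || c == '_' || c == '-')
}

/// Reader for the `["a","b"]` shape this example writes (stand-in for the real
/// _index.json, not a general JSON parser). None means corrupt.
fn parse_index(s: &str) -> Option<Vec<String>> {
    let inner = s.trim().strip_prefix('[')?.strip_suffix(']')?.trim();
    if inner.is_empty() { return Some(Vec::new()); }
    inner.split(',').map(|item| {
        let k = item.trim().strip_prefix('"')?.strip_suffix('"')?;
        valid_key(k).then(|| k.to_string())
    }).collect()
}

fn format_index(keys: &[String]) -> String {
    let quoted: Vec<String> = keys.iter().map(|k| format!("\"{k}\"")).collect();
    format!("[{}]", quoted.join(","))
}

fn other(msg: String) -> io::Error { io::Error::new(io::ErrorKind::Other, msg) }

impl PluginStore {
    pub fn open(dir: &Path, quota_bytes: u64) -> io::Result<Self> {
        fs::create_dir_all(dir)?;
        Ok(Self { dir: dir.to_path_buf(), quota_bytes })
    }

    fn val_path(&self, key: &str) -> PathBuf { self.dir.join(format!("{key}.val")) }

    /// Committed bytes: only *.val counts, .tmp files are transient.
    pub fn usage(&self) -> io::Result<u64> {
        let mut total = 0;
        for entry in fs::read_dir(&self.dir)? {
            let entry = entry?;
            if entry.path().extension().map_or(false, |e| e == "val") { total += entry.metadata()?.len(); }
        }
        Ok(total)
    }

    /// Quota is checked for the state after the write: shrinking a key always
    /// succeeds, and an oversized value fails before any file is created.
    pub fn set(&self, key: &str, value: &[u8]) -> io::Result<()> {
        if !valid_key(key) { return Err(other(format!("invalid key {key:?}"))); }
        let path = self.val_path(key);
        let old = fs::metadata(&path).map(|m| m.len()).unwrap_or(0);
        let after = self.usage()? - old + value.len() as u64;
        if after > self.quota_bytes {
            return Err(other(format!("quota exceeded: {after} > {}", self.quota_bytes)));
        }
        let tmp = self.dir.join(format!("{key}.val.tmp"));
        fs::write(&tmp, value)?;
        fs::rename(&tmp, &path) // readers see the old or the new value, never a partial one
    }

    /// Crash recovery: an orphaned <key>.val.tmp means the rename never ran, so
    /// it holds no committed data and is deleted; the index is rebuilt from the
    /// *.val files that exist, and a corrupt index only costs a warning.
    pub fn reconcile(&self) -> io::Result<Reconciled> {
        let (mut removed_tmp, mut keys) = (0, Vec::new());
        for entry in fs::read_dir(&self.dir)? {
            let path = entry?.path();
            let name = path.file_name().and_then(|n| n.to_str()).unwrap_or("").to_string();
            if name.ends_with(".val.tmp") {
                fs::remove_file(&path)?;
                removed_tmp += 1;
            } else if let Some(key) = name.strip_suffix(".val") {
                keys.push(key.to_string());
            }
        }
        keys.sort();
        let index_path = self.dir.join("_index.json");
        let index_was_corrupt = match fs::read_to_string(&index_path) {
            Ok(s) => parse_index(&s).is_none(),
            Err(e) if e.kind() == io::ErrorKind::NotFound => false,
            Err(_) => true,
        };
        if index_was_corrupt { eprintln!("warning: {} unreadable, rebuilding", index_path.display()); }
        fs::write(&index_path, format_index(&keys))?;
        Ok(Reconciled { removed_tmp, keys, index_was_corrupt })
    }
}

/// Constructed scenario in a fresh temp dir: a 64-byte quota, then crash residue
/// (orphan .tmp, corrupt index) cleaned up by reconcile().
pub fn demo_recovery() -> io::Result<(bool, Reconciled)> {
    let nanos = SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_nanos();
    let dir = std::env::temp_dir().join(format!("store-demo-{}-{nanos}", std::process::id()));
    let store = PluginStore::open(&dir, 64)?;
    store.set("a", &[b'x'; 40])?;
    let over_quota = store.set("b", &[b'y'; 40]).is_err(); // 40 + 40 > 64, nothing written
    store.set("a", b"small")?;                              // 40 -> 5 bytes, allowed
    fs::write(dir.join("c.val.tmp"), b"interrupted write")?; // rename never happened
    fs::write(dir.join("_index.json"), b"{not json")?;
    let report = store.reconcile()?;
    fs::remove_dir_all(&dir)?;
    Ok((over_quota, report))
}
```

Because the quota is computed before the temporary file is written, a rejected `set` leaves no `.tmp` behind, which is what keeps the reconcile pass from confusing quota failures with crashes.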
- Clone response.id before first use to prevent use-after-move (response.rs)
- Replace redundant closure with function reference (clippy)
- Extract path resolution and symlink guards into fs/resolve.rs (152 lines)
- fs/mod.rs now contains file operations only (228 lines)
- Fix test_ipc_init_script_valid: Object.defineProperty changed the contiguous string from window.__volt_response__ to '__volt_response__'
Summary
Comprehensive security audit remediation across 10 files in 3 severity tiers.
HIGH — TOCTOU Filesystem Sandbox Escapes (commit 1)
- verify_opened_path) to all filesystem operations (read_file, write_file, read_dir, stat, exists, remove, rename, copy)
- remove() before remove_dir_all to prevent recursive deletion outside sandbox via symlink swap
- safe_resolve() validation and the actual I/O syscall

MEDIUM — IPC, Grants, Plugins, Storage (commit 2)

- escape_for_single_quoted_js, __volt_response__/__volt_event__ made non-writable
- catch_unwind around IPC dispatch guarantees in-flight slot release

LOW — Rate Limiting, Channel Reservation, Storage Cleanup (commit 3)

- __volt_internal: prefix reserved alongside volt: in handler registration
- .tmp file cleanup during storage reconciliation
- _index.json (log + empty index vs hard failure)

Test plan

- cargo clippy --workspace --all-targets -- -D warnings
- cargo test --workspace
- pnpm typecheck
- pnpm test
- safe_resolve rejects .., absolute paths, reserved names in intermediate components
- set past 50MB quota returns error