Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

artifact/template: make destination path absolute inside taskdir (0.10.7) #9152

Merged
merged 2 commits into from
Oct 22, 2020
Merged

artifact/template: make destination path absolute inside taskdir (0.10.7) #9152

merged 2 commits into from
Oct 22, 2020

Conversation

tgross
Copy link
Member

@tgross tgross commented Oct 22, 2020

Backport of #9149 to 0.10.7

@tgross
artifact/template: make destination path absolute inside taskdir
b8689de 
Prior to Nomad 0.12.5, you could use `${NOMAD_SECRETS_DIR}/mysecret.txt` as
the `artifact.destination` and `template.destination` because we would always
append the destination to the task working directory. In the recent security
patch we treated the `destination` absolute path as valid if it didn't escape
the working directory, but this breaks backwards compatibility and
interpolation of `destination` fields.

This changeset partially reverts the behavior so that we always append the
destination, but we also perform the escape check on that new destination
after interpolation so the security hole is closed.
@tgross
changelog entry
175d40e
@vercel
Copy link

vercel bot commented Oct 22, 2020

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/hashicorp/nomad/ko5pcppmx
✅ Preview: https://nomad-git-b-template-artifact-destination-abs-path-0107.hashicorp.vercel.app

@tgross tgross changed the title B template artifact destination abs path 0.10.7 artifact/template: make destination path absolute inside taskdir (0.10.7) Oct 22, 2020
@tgross tgross merged commit 26cc3a9 into release-0.10.7 Oct 22, 2020
@tgross tgross deleted the b-template-artifact-destination-abs-path-0.10.7 branch October 22, 2020 20:31
@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 13, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@krishicks krishicks krishicks approved these changes

@schmichael schmichael Awaiting requested review from schmichael

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tgross @krishicks