Fix path-traversal vulnerability in emergency P2P checkpoint service#3105
Open
YuvalElbar6 wants to merge 2 commits intogoogle:mainfrom
Open
Fix path-traversal vulnerability in emergency P2P checkpoint service#3105YuvalElbar6 wants to merge 2 commits intogoogle:mainfrom
YuvalElbar6 wants to merge 2 commits intogoogle:mainfrom
Conversation
A malicious or compromised peer on the P2P network could supply a
manifest whose rel_path contained '..' segments or an absolute path,
causing P2PNode.fetch_shard_from_peer() to write attacker-controlled
bytes outside the staging directory (e.g. a .pth file in site-packages,
yielding persistent RCE on the training host).
- Add _safe_path_join() which joins a peer-supplied relative path onto
a base directory only if the resolved result stays inside that base.
Resolution goes through os.path.realpath so symlink-escape attempts
are caught as well.
- Apply the helper on both sides of the wire:
* Client: fetch_shard_from_peer() validates every manifest entry
against stage_dir and aborts the whole fetch on any unsafe entry.
* Server: handle_download() replaces the substring '..' check with
the same resolve-based containment check against self.directory.
- Log every rejection with peer and request context.
- Add regression tests for the helper and both call sites.
Reported via the Google OSS VRP.
Fix path-traversal vulnerability in emergency P2P checkpoint service
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
A malicious or compromised peer on the P2P network could supply a manifest whose rel_path contained '..' segments or an absolute path, causing P2PNode.fetch_shard_from_peer() to write attacker-controlled bytes outside the staging directory (e.g. a .pth file in site-packages, yielding persistent RCE on the training host).
Reported via the Google OSS VRP.