Path normalization for filesystem capability matching.
Capability allow-lists (Capability::Filesystem { read, write }) are globs
matched by crate::capability’s path-opaque wildcard_match, where *
and ** both span /. That matcher is correct for opaque strings (URLs,
key ids), but a filesystem path carries ./.. semantics the matcher does
not understand: a guest granted read: ["/data/**"] could pass
"/data/../../etc/passwd", which textually matches /data/** while the
kernel resolves it to /etc/passwd — a sandbox escape.
The fix is to make the checked path identical to the acted-upon path.
normalize_capability_path is the deterministic, IO-free first layer: it
requires an absolute path and lexically resolves ./.., rejecting any path
that would escape above the filesystem root. Loaders match the normalized
path against the allow-list, and additionally canonicalize (resolving
symlinks) before the syscall for defense in depth — see the loader fs host
fns (e.g. uni-plugin-rhai’s host_fn_impls::fs).
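As an added example (not code from this crate), the following reproduces the hazard and the fix described above: a lexical normalizer written the way the module documents normalize_capability_path (absolute path required, ./.. resolved without IO, climbing above / rejected), plus a constructed path-opaque wildcard matcher standing in for crate::capability's wildcard_match, whose real implementation is not shown here. The names normalize_path, wildcard_match, is_read_allowed and NormalizeError are assumptions for this example.

```rust
use std::path::{Component, Path, PathBuf};

/// Failure modes of the lexical normalizer (constructed for this example).
#[derive(Debug, PartialEq)]
pub enum NormalizeError {
    NotAbsolute,
    EscapesRoot,
}

/// Lexically normalize a path rooted at `/`: `.` components are dropped,
/// each `..` pops one component, and a `..` that would climb above the root
/// is an error. No IO happens here; symlinks are a later, separate layer.
pub fn normalize_path(raw: &str) -> Result<PathBuf, NormalizeError> {
    let path = Path::new(raw);
    if !path.has_root() {
        return Err(NormalizeError::NotAbsolute);
    }
    let mut out = PathBuf::from("/");
    for component in path.components() {
        match component {
            Component::RootDir | Component::CurDir => {}
            Component::ParentDir => {
                // `pop` returns false when `out` is already "/": the path
                // would escape above the filesystem root, so reject it.
                if !out.pop() {
                    return Err(NormalizeError::EscapesRoot);
                }
            }
            Component::Normal(segment) => out.push(segment),
            // Drive prefixes are not "/"-rooted capability paths.
            Component::Prefix(_) => return Err(NormalizeError::NotAbsolute),
        }
    }
    Ok(out)
}

/// Constructed path-opaque glob matcher: `*` matches any run of characters
/// including `/`, so `**` behaves exactly like `*`. This is the property
/// that lets "/data/../../etc/passwd" textually match "/data/**".
pub fn wildcard_match(pattern: &str, text: &str) -> bool {
    fn go(p: &[char], t: &[char]) -> bool {
        match (p.first().copied(), t.first().copied()) {
            (None, None) => true,
            // A star may consume zero or more characters; try every split.
            (Some('*'), _) => (0..=t.len()).any(|i| go(&p[1..], &t[i..])),
            (Some(pc), Some(tc)) if pc == tc => go(&p[1..], &t[1..]),
            _ => false,
        }
    }
    let p: Vec<char> = pattern.chars().collect();
    let t: Vec<char> = text.chars().collect();
    go(&p, &t)
}

/// The loader-side check: normalize first, then match the normalized text
/// against the allow-list, so the checked path is the acted-upon path.
pub fn is_read_allowed(allow: &[&str], raw: &str) -> Result<bool, NormalizeError> {
    let normalized = normalize_path(raw)?;
    let text = normalized.to_string_lossy();
    Ok(allow.iter().any(|pat| wildcard_match(pat, &text)))
}

fn main() {
    let allow = ["/data/**"];
    // Constructed inputs: a benign request and the traversal attempt.
    for raw in ["/data/./logs/../app.db", "/data/../../etc/passwd"] {
        println!(
            "{raw}: textual match = {}, after normalization = {:?}",
            wildcard_match(allow[0], raw),
            is_read_allowed(&allow, raw)
        );
    }
}
```

The first line of output shows a normal path passing; the second shows that the traversal string does match the glob textually but is rejected before matching ever happens, which is the ordering the module relies on. A path such as "/data/sub/../../etc/passwd" survives normalization as "/etc/passwd" and then simply fails the glob, covering the case where the escape stays within the root.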
Functions
- normalize_capability_path - Lexically normalize an absolute capability path for allow-list matching.