This repository was archived by the owner on Sep 10, 2025. It is now read-only.
This repository was archived by the owner on Sep 10, 2025. It is now read-only.
golang: We should use chroot #6
Description
To avoid attacks we should update the golang blob-server:
chdir()to the data directory.- Create the data-directory if it is missing.
chroot()to the data-directory.- Make all operations relative to "."
Finally we should filter the IDs we're uploading/downloading to make sure they match the pattern /^([a-zA-Z0-9]+)$/ - which will prevent traversal attacks if the server is accidentally exposed, even if the chroot fails.