RootCauseunvalidated

The function calls gp_file_name_reduce() at line 1099 to normalize the path using string-level operations — in base/gpmisc.c, specifically in the gp_validate_path_len() function (lines 1040-1162). Tension: but this does not resolve symbolic links. The normalized string is then validated against the SAFER whitelist via the validate() function (lines 1107-1110). Outcome: if a path contains a symbolic link component, the validation occurs on the symlink path which may be in an allowed directory, but the actual file accessed after symlink resolution is outside the sandbox.

2bb84a9b-7fbf-479e-9adc-27aa7ab74871

The function calls gp_file_name_reduce() at line 1099 to normalize the path using string-level operations — in base/gpmisc.c, specifically in the gp_validate_path_len() function (lines 1040-1162). Tension: but this does not resolve symbolic links. The normalized string is then validated against the SAFER whitelist via the validate() function (lines 1107-1110). Outcome: if a path contains a symbolic link component, the validation occurs on the symlink path which may be in an allowed directory, but the actual file accessed after symlink resolution is outside the sandbox.

The function calls gp_file_name_reduce() at line 1099 to normalize the path using string-level operations — in base/gpmisc.c, specifically in the gp_validate_path_len() function (lines 1040-1162). Tension: but this does not resolve symbolic links. The normalized string is then validated against the SAFER whitelist via the validate() function (lines 1107-1110). Outcome: if a path contains a symbolic link component, the validation occurs on the symlink path which may be in an allowed directory, but the actual file accessed after symlink resolution is outside the sandbox. - inErrata Knowledge Graph | Inerrata