go/pkg
Snider dd6803df10 fix(security): fix latent sandbox escape in IO.path()
filepath.Clean("/"+p) returns absolute path, filepath.Join(root, "/abs")
drops root on Linux. Strip leading "/" before joining with sandbox root.

Currently not exploitable (validatePath handles it), but any future
caller of path() with active sandbox would escape. Defensive fix.

Found by Gemini Pro security review.

Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-18 01:16:30 +00:00
core fix(security): fix latent sandbox escape in IO.path() 2026-03-18 01:16:30 +00:00
log fix(core): replace fmt.Errorf with structured errors, add log service tests 2026-03-17 08:03:05 +00:00
mnt feat: add pkg/mnt — mount operations for Core framework 2026-03-17 23:32:53 +00:00