Source
ChatGPT security review feedback
Problem
path_validator.rs already uses O_NOFOLLOW to prevent TOCTOU symlink races (good), but there are still non-atomic checks elsewhere (is_symlink() then read_link() flows) which are raceable.
Fix
For any "real" file operation:
- Open the path with fd-based APIs (or capability dir handles)
- Resolve realpath from the fd
- Perform the action via fd (or via path derived from fd)
- Have path validation operate on the resolved target of that fd
Consider integrating cap-std for capability-based filesystem access.
Relevant Code
src/safety/path_validator.rs
src/tools/file.rs
src/cognitive/self_edit.rs (symlink bypass fix already applied)
Priority
P0 — completes existing security work
Labels
security, P0
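The four steps listed under Fix, as an added Rust sketch (not code from this repository): open first, resolve the real path from the descriptor, validate that resolved target, then act only through the descriptor. It assumes Linux, where /proc/self/fd/N links to the opened file's real path; `open_validated`, `read_validated` and `demo` are hypothetical names, and the demo files are constructed in a temp directory.

```rust
use std::fs::{self, File};
use std::io::{self, Read};
use std::os::unix::io::AsRawFd;
use std::path::{Path, PathBuf};

/// Hypothetical helper: open the path, then validate what the fd points at.
/// The check and the later I/O share one descriptor, so swapping a symlink
/// after the check cannot redirect the operation.
pub fn open_validated(root: &Path, requested: &Path) -> io::Result<(File, PathBuf)> {
    let root = fs::canonicalize(root)?;
    let file = File::open(requested)?; // read-only open; symlinks are followed here
    // Assumption: Linux procfs. The link target is the real path behind the fd.
    let resolved = fs::read_link(format!("/proc/self/fd/{}", file.as_raw_fd()))?;
    // Path::starts_with compares whole components, so /root-evil != /root.
    if !resolved.starts_with(&root) {
        return Err(io::Error::new(
            io::ErrorKind::PermissionDenied,
            format!("{} resolves outside {}", requested.display(), root.display()),
        ));
    }
    Ok((file, resolved))
}

/// Reads through the validated descriptor; the path is never reopened.
pub fn read_validated(root: &Path, requested: &Path) -> io::Result<String> {
    let (mut file, _resolved) = open_validated(root, requested)?;
    let mut out = String::new();
    file.read_to_string(&mut out)?;
    Ok(out)
}

/// Constructed scenario: one regular file inside the root, and one symlink
/// inside the root that points at a file outside it.
pub fn demo() -> io::Result<(bool, bool)> {
    let base = std::env::temp_dir().join(format!("fd_validate_demo_{}", std::process::id()));
    let _ = fs::remove_dir_all(&base);
    let root = base.join("workspace");
    fs::create_dir_all(&root)?;
    fs::write(root.join("notes.txt"), "inside")?;
    fs::write(base.join("secret.txt"), "outside")?;
    std::os::unix::fs::symlink(base.join("secret.txt"), root.join("link.txt"))?;
    let allowed = read_validated(&root, &root.join("notes.txt"))? == "inside";
    let denied = matches!(read_validated(&root, &root.join("link.txt")),
        Err(ref e) if e.kind() == io::ErrorKind::PermissionDenied);
    fs::remove_dir_all(&base)?;
    Ok((allowed, denied))
}

fn main() -> io::Result<()> {
    println!("(allowed, denied) = {:?}", demo()?);
    Ok(())
}
```

Opening before validating means the open itself happens on an unchecked path, so this sketch only uses a read-only open of files the demo created.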