제출 #856883: nearai ironclaw 0.29.1 Improper Link Resolution Before File Access (CWE-59)정보

제목nearai ironclaw 0.29.1 Improper Link Resolution Before File Access (CWE-59)
설명# Technical Details A `write_file` sandbox escape exists in the `validate_path()` function in `src/tools/builtin/path_utils.rs` of ironclaw. The sandbox validator resolves existing paths safely via canonicalization, but for non-existent paths it only canonicalizes the nearest existing ancestor and re-appends the unresolved lexical tail. When the final path component is a dangling symlink targeting outside `base_dir`, the validator treats it as a non-existent in-sandbox file, but the later `tokio::fs::write` follows the symlink and writes to the out-of-root target. This path-boundary bypass occurs because the validator and the write sink disagree about the final filesystem target. # Vulnerable Code File: src/tools/builtin/path_utils.rs Method: validate_path() Why: For non-existent paths, the function walks up to the nearest existing ancestor, canonicalizes it, and re-appends the unresolved tail. A dangling final symlink survives this check because `resolved.exists()` is false, so the symlink target is never resolved before `starts_with(base_canonical)`. File: src/tools/builtin/file.rs Method: WriteFileTool::execute() Why: The write sink accepts the validated path and passes it directly to `tokio::fs::write`, which follows the dangling symlink to an out-of-root target. # Reproduction 1. Checkout nearai/ironclaw at release tag `ironclaw-v0.29.1`. 2. Create a dangling symlink inside the sandbox pointing outside `base_dir`. 3. Call `write_file` with the dangling symlink path and crafted content. 4. Observe the write succeeds and the content lands outside the sandbox. 5. Run the control without a symlink and observe the write stays within `base_dir`. # Impact - Arbitrary file write outside the intended `base_dir` sandbox boundary. - Can break isolation between projects, corrupt host-side files, or poison future execution state. - Overwrites configuration and automation artifacts trusted by the runtime.
원천⚠️ https://github.com/nearai/ironclaw/issues/4797
사용자
 Eric-x (UID 94869)
제출2026. 06. 12. AM 11:52 (1 월 ago)
모더레이션2026. 07. 17. PM 06:16 (1 month later)
상태수락
VulDB 항목379848 [nearai ironclaw 까지 0.29.1 write_file path_utils.rs validate_path 권한 상승]
포인트들20

Do you want to use VulDB in your project?

Use the official API to access entries easily!