GHSA-rhq6-9rgh-v45c
Pterodactyl Wings: Chmod operation can be used to change permissions of files outside of the server container
상세
In `wings/internal/ufs/fs_unix.go` (line 92-94), this function is defined and is used to change permissions of files in the server:
```go func (fs *UnixFS) fchmodat(op string, dirfd int, name string, mode FileMode) error { return ensurePathError(unix.Fchmodat(dirfd, name, uint32(mode), 0), op, name) } ```
This call to the unix function `fchmodat(int fd, char* name, mode_t mode, int flags)` does not have the flag `AT_SYMLINK_NOFOLLOW` set, and Wings neither checks or validate if the target file is a symlink. This allows one to change permissions of files or folders outside of the server container by making symlinks to existing files in the host and then chmoding it.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
1.11.9 수정 버전: 1.12.2 go get github.com/pterodactyl/wings@v1.12.2