Skip to content

fix: harden local directory copy against symlink swaps#3408

Open
fallintoplace wants to merge 2 commits into
openai:mainfrom
fallintoplace:fix/local-dir-symlink-swap
Open

fix: harden local directory copy against symlink swaps#3408
fallintoplace wants to merge 2 commits into
openai:mainfrom
fallintoplace:fix/local-dir-symlink-swap

Conversation

@fallintoplace
Copy link
Copy Markdown

@fallintoplace fallintoplace commented May 14, 2026

Summary

  • Add pre-open no-follow stat and post-open identity checks for local directory source traversal and file-copy paths.
  • Reject swapped file, nested directory, and source-root races before sandbox writes.
  • Add regressions that simulate no-follow not preventing a symlink swap.

Validation

  • .venv/bin/python -m pytest tests/sandbox/test_entries.py -q
  • .venv/bin/python -m pytest tests/sandbox --maxfail=2 -q
  • .venv/bin/ruff check src/agents/sandbox/entries/artifacts.py tests/sandbox/test_entries.py
  • .venv/bin/ruff format --check src/agents/sandbox/entries/artifacts.py tests/sandbox/test_entries.py
  • .venv/bin/python -m compileall -q src/agents/sandbox/entries/artifacts.py tests/sandbox/test_entries.py

@fallintoplace fallintoplace marked this pull request as ready for review May 14, 2026 18:41
@fallintoplace fallintoplace force-pushed the fix/local-dir-symlink-swap branch from a276b95 to dc5f851 Compare May 14, 2026 18:49
@fallintoplace fallintoplace changed the title Harden local directory copy against symlink swaps fix: harden local directory copy against symlink swaps May 14, 2026
@fallintoplace fallintoplace force-pushed the fix/local-dir-symlink-swap branch from dc5f851 to 15372b1 Compare May 14, 2026 19:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

feature:sandboxes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@fallintoplace @seratch