deleting env.out_path on execution is dangerous #1

New Issue

lost · 2026-02-23T10:08:41Z

lost commented

2026-02-23 10:08:41 +00:00

		skyforge/src/main.rs
		Lines 13 to 16 in f8ced2196c
	
				    if args.env.out_path.exists() {

				        std::fs::remove_file(&args.env.out_path)

				            .or_else(|_| std::fs::remove_dir_all(&args.env.out_path))?;

				    }

not a good look as args.env.out_path has no input validation... could even be /

better way to do this would be to just create a link in the outdir to check if skyforge dir exists in out path

    let skyforge_out = args.env.out_path.join("skyforge");
    if skyforge_out.exists() {
        std::fs::remove_file(&skyforge_out).or_else(|_| std::fs::remove_dir_all(&skyforge_out))?;
    }
    std::os::unix::fs::symlink(&tmp_dir, &skyforge_out)?;

this can be done in cli when calling args

https://git.rskio.com/lost/skyforge/src/commit/f8ced2196cff2d197373f427ff65fd1076ca6ea2/src/main.rs#L13-L16 not a good look as `args.env.out_path` has no input validation... could even be `/` --- better way to do this would be to just create a link in the outdir to check if `skyforge` dir exists in out path ``` rs let skyforge_out = args.env.out_path.join("skyforge"); if skyforge_out.exists() { std::fs::remove_file(&skyforge_out).or_else(|_| std::fs::remove_dir_all(&skyforge_out))?; } std::os::unix::fs::symlink(&tmp_dir, &skyforge_out)?; ``` this can be done in cli when calling args

lost commented

2026-02-27 06:56:37 +00:00

resolved via d8134095ab bu adding fn use_tmp in skyforge::Args to create /tmp/skyforge-<epoch> per execution

resolved via [d8134095ab](https://git.rskio.com/lost/skyforge/commit/d8134095ab?main.rs#diff-300934e5027e19b41115889f5f7c85999882bbb7) bu adding `fn use_tmp` in `skyforge::Args` to create `/tmp/skyforge-<epoch>` per execution

lost closed this issue

2026-02-27 06:56:37 +00:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: lost/skyforge#1