yangyl/codex-agent-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: block sensitive symlink targets

Browse Source
This commit is contained in:
Yoilun
2026-05-25 16:28:57 +08:00
parent dc8b06f961
commit 2f28b4880e
4 changed files with 31 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
internal/codexhome/bounds.go
View File

@@ -101,6 +101,9 @@ func rejectSymlinkEscape(home string, candidate string) error {
if !isInside(evaluatedHome, currentEvaluated) {
return ErrOutsideCodexHome
}
if IsForbidden(currentEvaluated, evaluatedHome) {
return ErrForbiddenPath
}
}
return nil
}