datumaro icon indicating copy to clipboard operation
datumaro copied to clipboard

Published 20 hours ago verified publisher icon openvinotoolkit

Add an option to disallow loading of dataset files outside dataset dir

Open zhiltsov-max opened this issue 3 years ago • 0 comments

Can be useful for server-side usage of Datumaro to prevent security issues. Currently, Datasets that include image paths (and other paths), can use paths to files outside the dataset directory. It can lead to reading of the unwanted files, if the dataset is specially-crafted.

Possible ways to implement:

  • Using a subprocess with chroot
  • Wrapping open

zhiltsov-max avatar Oct 07 '21 11:10 zhiltsov-max