Ray runtime_env zip extraction hardening.
Defense-in-depth contribution to Ray's runtime_env zip package extraction logic. The upstream PR improved resolved-path containment checks and added regression coverage for path traversal-style archive entries.
Summary
I contributed an upstream hardening patch to Ray's runtime_env zip extraction path. The change resolves the extraction target and each candidate zip member path before checking containment, aligning zip extraction with the safer resolved-path invariant used by related archive handling code.
Background
Archive extraction code is a sensitive boundary because member names may contain path components such as "..". Even when the surrounding threat model does not classify a case as a product security vulnerability, keeping extraction behavior explicit and containment-oriented is valuable defense-in-depth work.
Contribution
- Improved Ray's runtime_env zip extraction path validation.
- Added resolved-path containment checks before writing extracted files.
- Prevented traversal-style archive entries from being extracted outside the target directory.
- Added regression tests to keep the behavior stable.
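
The resolved-path containment invariant described above, as an added sketch that is not Ray's code or the merged patch. The names safe_extract_zip, build_zip and UnsafeArchiveEntry are hypothetical, and the sample archives are constructed in memory.

```python
import io
import shutil
import zipfile
from pathlib import Path


class UnsafeArchiveEntry(Exception):
    """Raised when a zip member resolves outside the extraction target."""


def build_zip(entries):
    """Build an in-memory zip from a constructed {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def safe_extract_zip(zip_bytes, target_dir):
    """Extract into target_dir; hypothetical helper, not Ray's function."""
    # Resolve the target once so ".." and symlinks in it are normalized.
    root = Path(target_dir).resolve()
    root.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        plan = []
        for info in zf.infolist():
            # Resolve each candidate path too: this collapses ".." and
            # follows symlinks that already exist under the target.
            dest = (root / info.filename).resolve()
            if dest != root and root not in dest.parents:
                raise UnsafeArchiveEntry(info.filename)
            plan.append((info, dest))
        # Nothing is written until every member has passed the check,
        # so a rejected archive leaves no partial extraction behind.
        written = []
        for info, dest in plan:
            if info.is_dir():
                dest.mkdir(parents=True, exist_ok=True)
                continue
            dest.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(dest, "wb") as out:
                shutil.copyfileobj(src, out)
            written.append(dest.relative_to(root).as_posix())
    return written
```

Comparing resolved paths rather than raw strings is what also catches an entry that passes through a pre-existing symlink inside the target directory.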
Testing
- Syntax: python3 -m py_compile on the modified Ray files
- Patch hygiene: git diff --check
- Regression: Focused standalone pytest harness for the new zip containment cases: 3 passed
References
- Author: H4ck2 / kyun0
- Merged: 2026-06-08 UTC
Publication note
This is documented as an open-source hardening contribution, not as a CVE/advisory claim. Private advisory discussion and non-public exploit details are intentionally omitted.