Skip to content

spec: document Windows symlink traversal OS error 448#9980

Open
oz-for-oss[bot] wants to merge 1 commit intomasterfrom
oz-agent/spec-issue-9044
Open

spec: document Windows symlink traversal OS error 448#9980
oz-for-oss[bot] wants to merge 1 commit intomasterfrom
oz-agent/spec-issue-9044

Conversation

@oz-for-oss
Copy link
Copy Markdown
Contributor

@oz-for-oss oz-for-oss Bot commented May 3, 2026

Summary

  • Adds a product spec defining expected Windows terminal parity for symlink, junction, WinGet shim, pytest, and version-manager workflows affected by OS error 448.
  • Adds a tech spec grounded in the Windows ConPTY shell spawn path, process mitigation policy investigation, and validation strategy for RedirectionGuard-related behavior.

Validation

  • Spec-only change; reviewed generated product and tech specs for required sections and issue coverage.

Notes

  • The tech spec calls out RedirectionGuard as the likely process-policy surface and requires implementation-time validation against affected Windows builds before finalizing production code.

Related issue: #9044

@oz-agent @dmwyatt
spec: document Windows symlink traversal behavior
b33abfe 
Co-Authored-By: Oz <oz-agent@warp.dev>
Co-Authored-By: Dustin Wyatt <dmwyatt@users.noreply.github.com>
@cla-bot cla-bot Bot added the cla-signed label May 3, 2026
@oz-for-oss oz-for-oss Bot mentioned this pull request May 3, 2026
Open
4 tasks
@oz-for-oss
Copy link
Copy Markdown
Contributor Author

oz-for-oss Bot commented May 3, 2026
edited
Loading

@oz-for-oss[bot]

I'm starting a first review of this spec-only pull request.

You can view the conversation on Warp.

I completed the review and no human review was requested for this pull request.

Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).

Powered by Oz

oz-for-oss[bot]
oz-for-oss Bot commented May 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor Author

@oz-for-oss oz-for-oss Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overview

This spec PR adds product and tech specs for Windows OS error 448 symlink and junction traversal parity. The product spec covers the affected terminal workflows and validation expectations, and the tech spec identifies the Windows shell spawn path and RedirectionGuard as the likely mitigation surface.

Concerns

  • The tech spec allows a fallback that clears RedirectionGuard on the current Warp process without specifying how to scope, serialize, restore, or validate that unrelated Warp-spawned processes cannot inherit the relaxed policy.

Security

  • The current-process fallback could weaken the Warp app process and unrelated subprocesses if implemented as written; require a shell-child-scoped mitigation or explicit guardrails before accepting that fallback.

Verdict

Found: 0 critical, 1 important, 0 suggestions

Request changes

Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).

Powered by Oz

Comment thread specs/GH9044/tech.md

Fallback approach if Windows does not expose or honor a creation-time RedirectionGuard override:

- Before spawning a local terminal shell, call `SetProcessMitigationPolicy(ProcessRedirectionTrustPolicy, flags = 0)` from a narrowly-scoped Windows helper and verify with `GetProcessMitigationPolicy` that the current process is not enforcing redirection trust for subsequently-created shell processes.
Copy link
Copy Markdown
Contributor Author

@oz-for-oss oz-for-oss Bot May 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ [IMPORTANT] [SECURITY] This fallback relaxes RedirectionGuard on the current Warp process, but the spec does not require serialization, reversion, or proof that unrelated concurrent Warp-spawned processes cannot inherit the relaxed policy; specify the guardrails or reject this fallback.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

cla-signed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@oz-agent