release-24.0.0: Fix wasmtime-wasi path_open(TRUNCATE) bypass of FilePerms::WRITE check (#13433)

* NFC: refactor wasi testing to make WasiCtxBuilder changes with closure

Port of 89d1a79 to release-24.0.0 branch

* fix and test GHSA-2r75-cxrj-cmph

In wasmtime-wasi, when a filesystem preopen is given DirPerms::all() and FilePerms::READ without FilePerms::WRITE, this wasmtime-wasi enforced access control mechanism can be bypassed by using the wasip2 descriptor.open-at or wasip1 path_open interfaces by opening a file with OpenFlags::TRUNCATE oflag only, for example:

```rust
dir_descriptor.open_at(
   PathFlags::empty(),
   FILENAME,
   OpenFlags::TRUNCATE,
   DescriptorFlags::READ,
)
```
or
```rust
wasip1::path_open(
    dir_fd,
    0,
    FILENAME,
    wasip1::OFLAGS_TRUNC,
    wasip1::RIGHTS_FD_READ,
    0,
    0
)
```
The root cause is that the clause that considered OpenFlags::TRUNCATE did not set open_mode |= OpenMode::WRITE;, used later in that function for the access control check against FilePerms for whether opening that file is permitted. With the bug corrected, these calls to open-at and path_open fail with error-code.not-permitted and ERRNO_PERM respectively.

This commit contains the fix for the above bug, and tests for the fix.

* Release notes for 24.0.9: fix GHSA-2r75-cxrj-cmph

* rustfmt with 1.78.0

* wasi-common: test stubs

Author: pchickey

RELEASES.md

@@ -1,3 +1,14 @@
+## 24.0.9
+
+Unreleased.
+
+### Fixed
+
+* WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction.
+  [GHSA-2r75-cxrj-cmph](https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-2r75-cxrj-cmph)
+
+--------------------------------------------------------------------------------
+
 ## 24.0.8
 
 Released 2026-04-30.

crates/test-programs/src/bin/preview1_file_truncation_readonly.rs

@@ -0,0 +1,75 @@
+use std::process;
+use test_programs::preview1::open_scratch_directory;
+
+const FILENAME: &str = "test.txt";
+unsafe fn test_file_has_expected_contents(dir_fd: wasi::Fd) {
+    // Open a file for reading
+    let file_fd = wasi::path_open(dir_fd, 0, FILENAME, 0, wasi::RIGHTS_FD_READ, 0, 0)
+        .expect("opening test.txt for reading");
+
+    // Read the file's contents
+    let buffer = &mut [0u8; 100];
+    let nread = wasi::fd_read(
+        file_fd,
+        &[wasi::Iovec {
+            buf: buffer.as_mut_ptr(),
+            buf_len: buffer.len(),
+        }],
+    )
+    .expect("reading file content");
+
+    const EXPECTED_CONTENTS: &[u8] = b"truncation test file\n";
+    // The file should be as created by the test harness, not truncated.
+    assert_eq!(nread, EXPECTED_CONTENTS.len(), "expected untouched file");
+    assert_eq!(
+        &buffer[..nread],
+        EXPECTED_CONTENTS,
+        "expected untouched file contents"
+    );
+
+    wasi::fd_close(file_fd).expect("closing the file");
+}
+
+unsafe fn test_file_truncation_readonly(dir_fd: wasi::Fd) {
+    // Check test preconditions.
+    test_file_has_expected_contents(dir_fd);
+
+    // Opening the file for truncation should fail.
+    let err = wasi::path_open(
+        dir_fd,
+        0,
+        FILENAME,
+        wasi::OFLAGS_TRUNC,
+        wasi::RIGHTS_FD_READ,
+        0,
+        0,
+    );
+    assert!(err.is_err(), "opening file for truncation should fail");
+    assert_eq!(
+        err.err().unwrap(),
+        wasi::ERRNO_PERM,
+        "opening file for truncation should fail with PERM"
+    );
+
+    // Check that truncation did not occur.
+    test_file_has_expected_contents(dir_fd);
+}
+
+fn main() {
+    // This test program requires a special preopen at the path "readonly",
+    // which the host enforces as read-only. Unlike other test programs, this
+    // directory's path not passed in as an argument, because modifications to
+    // the testing harness would be too invasive.
+    let dir_fd = match open_scratch_directory("readonly") {
+        Ok(dir_fd) => dir_fd,
+        Err(err) => {
+            eprintln!("{err}");
+            process::exit(1)
+        }
+    };
+
+    // Run the tests.
+    unsafe {
+        test_file_truncation_readonly(dir_fd);
+    }
+}

crates/test-programs/src/bin/preview2_file_truncation_readonly.rs

@@ -0,0 +1,64 @@
+use test_programs::wasi::filesystem::preopens;
+use test_programs::wasi::filesystem::types::{
+    Descriptor, DescriptorFlags, ErrorCode, OpenFlags, PathFlags,
+};
+
+const FILENAME: &str = "test.txt";
+fn test_file_has_expected_contents(dir: &Descriptor) {
+    // Open a file for reading
+    let file = dir
+        .open_at(
+            PathFlags::empty(),
+            FILENAME,
+            OpenFlags::empty(),
+            DescriptorFlags::READ,
+        )
+        .expect("open test.txt for reading");
+
+    // Read the file's contents
+    let stream = file.read_via_stream(0).unwrap();
+    let read = stream.blocking_read(100).expect("reading test.txt content");
+    drop(stream);
+    drop(file);
+
+    const EXPECTED_CONTENTS: &[u8] = b"truncation test file\n";
+    // The file should not be empty due to truncation
+    assert_eq!(read, EXPECTED_CONTENTS, "expected untouched file contents");
+}
+
+fn test_file_truncation_readonly(dir: &Descriptor) {
+    // Check test preconditions.
+    test_file_has_expected_contents(dir);
+
+    // Opening the file for truncation should fail.
+    let err = dir.open_at(
+        PathFlags::empty(),
+        FILENAME,
+        OpenFlags::TRUNCATE,
+        DescriptorFlags::READ,
+    );
+    assert!(err.is_err(), "opening file for truncation should fail");
+    assert_eq!(
+        err.err().unwrap(),
+        ErrorCode::NotPermitted,
+        "opening file for truncation should fail with ErrorCode::NotPermitted"
+    );
+
+    // Check that truncation did not occur.
+    test_file_has_expected_contents(dir);
+}
+
+fn main() {
+    // This test program requires a special preopen at the path "readonly",
+    // which the host enforces as read-only. Unlike other test programs, this
+    // directory's path not passed in as an argument, because modifications to
+    // the testing harness would be too invasive.
+    let preopens = preopens::get_directories();
+    let (dir, _) = preopens
+        .iter()
+        .find(|(_, path)| path == "readonly")
+        .expect("find preopen named readonly");
+
+    // Run the test
+    test_file_truncation_readonly(dir);
+}

crates/wasi-common/tests/all/async_.rs

@@ -297,3 +297,9 @@ async fn preview1_path_open_lots() {
 async fn preview1_sleep_quickly_but_lots() {
     run(PREVIEW1_SLEEP_QUICKLY_BUT_LOTS, true).await.unwrap()
 }
+#[test]
+fn preview1_file_truncation_readonly() {
+    println!(
+        "blank placeholder test to satisfy assert_test_exists. This test exercises wasmtime-wasi functionality is not relevant to wasi-common"
+    );
+}

crates/wasi-common/tests/all/sync.rs

@@ -286,3 +286,9 @@ fn preview1_path_open_lots() {
 fn preview1_sleep_quickly_but_lots() {
     run(PREVIEW1_SLEEP_QUICKLY_BUT_LOTS, true).unwrap()
 }
+#[test]
+fn preview1_file_truncation_readonly() {
+    println!(
+        "blank placeholder test to satisfy assert_test_exists. This test exercises wasmtime-wasi functionality is not relevant to wasi-common"
+    );
+}

crates/wasi/src/host/filesystem.rs

@@ -544,6 +544,7 @@ where
 
         if oflags.contains(OpenFlags::TRUNCATE) {
             opts.truncate(true).write(true);
+            open_mode |= OpenMode::WRITE;
         }
         if flags.contains(DescriptorFlags::READ) {
             opts.read(true);