Use the new os.Root type

[GiedriusS]

After upgrading Go, use the new os.Root type in places like the Receiver (tsdb.path), Compactor (conf.dataDir), Sidecar (tsdb.path) to prevent accidentally using some other paths.

[lavakush07]

Hi @GiedriusS ,

I’d love to work on this issue. Could you please assign it to me?

[GiedriusS]

#8102 is a dependency that needs to be done first

[lavakush07]

#8102 is a dependency that needs to be done first

Hey @GiedriusS, would it be okay if I take on the #8102 issue? Or is it something that needs to be handled by the maintainers?

[Saumya40-codes]

Compactor (conf.dataDir)

In compactor, can there be a case of accidental access of some other parts? as based on --data-dir flag we create are creating directories like compactor or downsample if they dont already exist.

Or is it to prevent any future modifications from accidentally introducing path traversal?

[GiedriusS]

Yes, the point of using them is so that in the future accidentally we wouldn't introduce some vulnerability where someone with malicious input could create directories anywhere or do some other manipulations.