buildkite / sockguard

A proxy for docker.sock that enforces access control and isolated privileges
MIT License

Testing for allowed bind volumes should be more strict #46

Status: Closed (closed by jirislav 5 years ago)

jirislav commented 5 years ago

I've noticed that it is possible to mount any of the existing volumes on Docker host, because there is no check for ownership!

https://github.com/buildkite/sockguard/blob/1d44251770df5916f8d74c1300d15f996b1d2906/director.go#L322-L335

I know the attacker would have to know the name of the volume, but I guess he could easily brute-force all the typical volume names (e.g. from gathered docker-compose examples), and once he attaches a volume which doesn't belong to him, he can manipulate anything in there :O

I think this is an even worse attack vector than #44 and should be hardened ASAP.
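The ownership check the issue asks for, sketched as an added Go example that is not sockguard's own code: the unchecked rule the report describes sits beside a hardened one that only admits named volumes carrying an owner label matching the caller and refuses host-path binds outright. The label key, the volume inventory and the bind strings are constructed assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Label key assumed to mark resources created through the proxy (sockguard's real key may differ).
const ownerLabel = "com.buildkite.sockguard.owner"
// Constructed inventory of host volumes (name -> labels): one created through the
// proxy by "ci-job-1", one created out of band and so carrying no owner label.
var hostVolumes = map[string]map[string]string{
	"ci-job-1-cache": {ownerLabel: "ci-job-1"},
	"postgres_data":  {},
}

// bindSource returns the source of a Docker bind spec "src:dst[:opts]".
func bindSource(bind string) string {
	return strings.SplitN(bind, ":", 2)[0]
}

// checkBindUnowned mirrors the behaviour the issue describes: any existing
// named volume is accepted regardless of who created it.
func checkBindUnowned(bind string, volumes map[string]map[string]string) bool {
	_, ok := volumes[bindSource(bind)]
	return ok
}

// checkBindOwned is the hardened rule: host paths are refused outright and a
// named volume is accepted only when its owner label matches the caller.
func checkBindOwned(bind, owner string, volumes map[string]map[string]string) error {
	src := bindSource(bind)
	if strings.HasPrefix(src, "/") {
		return fmt.Errorf("host path bind %q refused", src)
	}
	labels, ok := volumes[src]
	if !ok {
		return fmt.Errorf("volume %q does not exist", src)
	}
	if labels[ownerLabel] != owner {
		return fmt.Errorf("volume %q is not owned by %q", src, owner)
	}
	return nil
}

func main() {
	for _, b := range []string{"ci-job-1-cache:/cache", "postgres_data:/data", "/etc:/x"} {
		fmt.Printf("%-22s unchecked=%v owned=%v\n", b, checkBindUnowned(b, hostVolumes), checkBindOwned(b, "ci-job-1", hostVolumes))
	}
}
```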

jirislav commented 5 years ago

I've tested the PR and it works as expected (a volume created by the user using the socket is permitted, but every other one is prohibited).

lox commented 5 years ago

Closed via #47, thanks!