Static analysis should be truly static

[ghost]

In GitLab by @infinitewarp on Aug 14, 2018, 11:10

Summary

As of https://gitlab.com/cloudigrade/houndigrade/merge_requests/64, we are now chrooting to the mounted volume and running binaries that live in that volume. Based on conversations we've had outside of GitLab, the act of chrooting to the volume means we are also running the yum binary that lives in that volume. This has potentially dangerous implications because we do not know or control the binaries in the images that we are chrooting. We could unknowingly execute malicious code by running yum or any other binary that belongs to third-party disk images.

Since houndigrade is open source, it seems like it would be trivially easy to craft an image that could exploit this behavior.

Steps to Reproduce

1. Look at the code.
2. Observe how we use the chroot command.

Expected Result

• houndigrade does not execute third-party binaries.

Actual Result

• houndigrade executes third-party binaries.

Additional context

If we have to run yum, we should use our own version of the binary, make some reasonable assumptions, and attempt to direct it to standard yum.repos.d locations within the mounted volume. If we don't actually have to run yum, consider using Python's built-in configparser module to look at the files in the standard yum.repos.d locations.

[ghost]

In GitLab by @infinitewarp on Aug 20, 2018, 09:23

mentioned in merge request !64

[ghost]

In GitLab by @abaiken on Aug 20, 2018, 10:03

assigned to @abaiken

[ghost]

In GitLab by @abaiken on Aug 21, 2018, 13:23

mentioned in merge request !65

[ghost]

In GitLab by @kholdaway on Aug 23, 2018, 10:20

closed