Closed ghost closed 3 years ago
In GitLab by @infinitewarp on Aug 20, 2018, 09:23
mentioned in merge request !64
In GitLab by @abaiken on Aug 20, 2018, 10:03
assigned to @abaiken
In GitLab by @abaiken on Aug 21, 2018, 13:23
mentioned in merge request !65
In GitLab by @kholdaway on Aug 23, 2018, 10:20
closed
In GitLab by @infinitewarp on Aug 14, 2018, 11:10
Summary
As of https://gitlab.com/cloudigrade/houndigrade/merge_requests/64, we are now chrooting to the mounted volume and running binaries that live in that volume. Based on conversations we've had outside of GitLab, the act of chrooting to the volume means we are also running the
yum
binary that lives in that volume. This has potentially dangerous implications because we do not know or control the binaries in the images that we are chrooting. We could unknowingly execute malicious code by runningyum
or any other binary that belongs to third-party disk images.Since houndigrade is open source, it seems like it would be trivially easy to craft an image that could exploit this behavior.
Steps to Reproduce
chroot
command.Expected Result
Actual Result
Additional context
If we have to run
yum
, we should use our own version of the binary, make some reasonable assumptions, and attempt to direct it to standardyum.repos.d
locations within the mounted volume. If we don't actually have to runyum
, consider using Python's built-inconfigparser
module to look at the files in the standardyum.repos.d
locations.