docker / buildx

Docker CLI plugin for extended build capabilities with BuildKit
Apache License 2.0

bake: prohibit read/write an arbitrary path on the client host filesystem #1518

Closed AkihiroSuda closed 3 months ago

AkihiroSuda commented 1 year ago

Currently, a bake file may specify an arbitrary path on the client host filesystem for reading secrets, writing outputs, etc.

Probably buildx should have a CLI flag to specify the allow list of the accessible path.

The path can be just validated in util/buildflags/*.go, but it might be nice to have landlock too on Linux clients. (And potentially pledge for OpenBSD clients)
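
The allow-list validation proposed in the comment above, sketched in Go as an added example: it is not code from buildx or from any commenter, and `resolve` and `allowed` are hypothetical names. It resolves symlinks and `..` before comparing, and handles output paths that do not exist yet.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// resolve returns p as an absolute path with symlinks followed. A path that does
// not exist yet (an output) is resolved through its deepest existing ancestor.
func resolve(p string) (string, error) {
	abs, err := filepath.Abs(p)
	if err != nil {
		return "", err
	}
	for cur, rest := abs, ""; ; cur = filepath.Dir(cur) {
		res, err := filepath.EvalSymlinks(cur)
		if err == nil {
			return filepath.Join(res, rest), nil
		}
		if _, lerr := os.Lstat(cur); lerr == nil || !os.IsNotExist(err) {
			return "", err // dangling or looping symlink, or I/O error: fail closed
		}
		rest = filepath.Join(filepath.Base(cur), rest)
	}
}

// allowed reports whether p resolves to a location inside one of roots.
func allowed(p string, roots []string) bool {
	target, err := resolve(p)
	if err != nil {
		return false
	}
	for _, r := range roots {
		root, rerr := resolve(r)
		rel, err := filepath.Rel(root, target)
		if rerr == nil && err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed inputs; the current directory is the only allowed root.
	for _, p := range []string{"out/image.tar", "../secret.txt", "/etc/passwd"} {
		fmt.Println(p, allowed(p, []string{"."}))
	}
}
```

A check like this runs before the file is opened, so a path can still change between the check and the use; kernel-enforced confinement such as the Landlock suggested above does not have that gap.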

thaJeztah commented 1 year ago

ISTR bake was largely to have a parallel with make - do you know if there's parallels to draw with make in this respect? (Does make allow for "don't create a target if it doesn't exist"?)

tonistiigi commented 1 year ago

I think this is covered by https://github.com/docker/buildx/issues/179

thompson-shaun commented 3 months ago

Closing since this should get coverage in #179. Please re-open if this is incorrect :)