Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Address GHSA-xr7r-f8xq-vfvv #2663

Merged
merged 2 commits into from
Jan 31, 2024
Merged

Address GHSA-xr7r-f8xq-vfvv #2663

merged 2 commits into from
Jan 31, 2024
+42 −0

Conversation

utam0k
Copy link
Member

@utam0k utam0k commented Jan 31, 2024
edited
Loading

GHSA-xr7r-f8xq-vfvv

youki 0.3.1 does not leak any useful file descriptors into the runc init-equivalent process (so this attack is not exploitable as far as we can tell) however this appears to be pure luck. youki does leak a directory file descriptor from the host mount namespace, but it just so happens that the directory is the rootfs of the container (which then gets pivot_root'd into and so ends up as a in-root path thanks to chroot_fs_refs). In addition, no care is taken to make sure all non-stdio files are O_CLOEXEC and there is no check after chdir(2) to ensure the working directory is inside the container. If a file descriptor happened to be leaked in the future, this could be exploitable. In addition, any file descriptors passed to youki are not closed until the container process is executed, meaning that easily-overlooked programming errors by users of youki can lead to these attacks becoming exploitable.

This PR has already been approved by @jprendes @rumpl @yihuaf in private repository.

Edited: Below is the description of the original PR in my private repository.

This PR includes two patches to make sure to close a potential security hole:

  • Make sure that cwd is located within containers
    Close fds except for studio(0,1,2) before calling clone(2)
  • This is to prevent vulnerabilities that may be found in the future.

So as far as I know, these cannot be direct attack holes at the moment. However, they may be worth preventing.

@codecov-commenter
Copy link

Codecov Report

Merging #2663 (6c9f997) into main (04f8f2d) will decrease coverage by 0.10%.
Report is 4 commits behind head on main.
The diff coverage is 0.00%.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2663      +/-   ##
==========================================
- Coverage   65.50%   65.41%   -0.10%     
==========================================
  Files         133      133              
  Lines       16916    16942      +26     
==========================================
+ Hits        11081    11082       +1     
- Misses       5835     5860      +25

@utam0k utam0k requested review from yihuaf and jprendes January 31, 2024 20:27
@utam0k utam0k merged commit 93a4292 into youki-dev:main Jan 31, 2024
29 of 30 checks passed
@github-actions github-actions bot mentioned this pull request Jan 31, 2024
Merged
@aidanhs aidanhs mentioned this pull request Aug 24, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yihuaf yihuaf Awaiting requested review from yihuaf

@jprendes jprendes Awaiting requested review from jprendes

Assignees
No one assigned
Labels
kind/feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@utam0k @codecov-commenter