[security] Escalate concerning default `persist-credentials=true` please

[hartwork]

Hi! Thanks for this important piece of infrastructure!

Through issue #2299 I learned about commit c170eef making persist-credentials=true the default with actions/checkout from version v2-beta on in 2019. There is an open issue #485 already from 2021 that came forward with security concerns where the issue is named a "severe security issue" and where it was directly linked to past "successful" PyTorch supply chain attacks and yet — from what I can see — no one employed by GitHub commented in that issue: pure silence. There is a related pull request #1687 from April 2024 that flips the default to false that has not received any replies from GitHub since then.

I would like to ask:

• Why are these public concerns being ignored since 2021?
• Is persist-credentials=true considered safe by GitHub and what is the officially assumed threat model for persist-credentials=true?
• Does recent pull request Persist creds to a separate file #2286 of v6-betaand after change this picture in any meaningful way? If yes: could you elaborate how?
• What am I missing in this picture?

Thanks for your time!

Best, Sebastian

CC @briansmith @haampie @eregon @michi-covalent @ericsciple @hannob

[ericsciple]

@hartwork refer https://github.com/orgs/community/discussions/179107#discussioncomment-14906259

[hartwork]

Hi @ericsciple,

thanks for sharing that link. If I'm reading things right:

• GitHub Actions treats the Git access token different from all other secrets in that any actions can access it from anywhere any time even without persist-credentials=true from the actions/checkout action.
• As a consequence, gaining access to the persisted token does not escalate privileges to other actions in the same workflow because they already have access to it through other channels.
• The token storage location was adjusted so that the token could no longer leak through artifact publishing (say from a Docker build without .dockerignore), and be used by an attacker while not yet invalidated.

From that I personally conclude:

• That persist-credentials=true is more secure in v6-beta than it was in v2 to v5.
• That persist-credentials=true is probably secure now (as long as any action continues to have access to the Git access token anyway), and the default is less concerning than it may appear.
• That actions/checkout v2 to v5 should probably get a CVE for this (if none has been filed yet) and be alerted about by GitHub Dependabot.
• That a write-support Git access token needs extreme care on workflow author side, with all actions participating.
• That Remove persist-credentials or change the default to false #485 and Change the default value of persist-credentials to false #1687 still deserve a proper reply from GitHub.

What do you think?

Best, Sebastian