CVE-2024-9407: validate "bind-propagation" flag settings#5761
Conversation
CVE-2024-9407: validate that the value for the "bind-propagation" flag when handling "bind" and "cache" mounts in `buildah run` or in RUN instructions is one of the values that we would accept without the "bind-propagation=" prefix. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
LGTM |
| default: | ||
| return newMount, "", fmt.Errorf("%v: %q: %w", argName, argValue, errBadMntOption) | ||
| case "shared", "rshared", "private", "rprivate", "slave", "rslave": | ||
| // this should be the relevant parts of the same list of options we accepted above |
There was a problem hiding this comment.
tiny nit, but reading this I find it strange that the default case is first.
It seems to be common to place the default case last, anyhow no reason to block or repush
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Luap99, nalind The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/lgtm |
|
/cherry-pick v1.37 |
|
@mheon: once the present PR merges, I will cherry-pick it on top of v1.37 in a new PR and assign it to you. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@mheon: cannot checkout DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
Argh |
|
@mheon: cannot checkout DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/cherry-pick release-1.37 |
Similar to github.com/containers/buildah/pull/5761 but not security critical as Podman does not have an expectation that mounts are scoped (the ability to write a --mount option is already the ability to mount arbitrary content into the container so sneaking arbitrary options into the mount doesn't have security implications). Still, bad practice to let users inject anything into the mount command line so let's not do that. Signed-off-by: Matt Heon <mheon@redhat.com>
Similar to github.com/containers/buildah/pull/5761 but not security critical as Podman does not have an expectation that mounts are scoped (the ability to write a --mount option is already the ability to mount arbitrary content into the container so sneaking arbitrary options into the mount doesn't have security implications). Still, bad practice to let users inject anything into the mount command line so let's not do that. Signed-off-by: Matt Heon <mheon@redhat.com>
What type of PR is this?
/kind bug
What this PR does / why we need it:
Validate that the value for the "bind-propagation" flag when handling "bind" and "cache" mounts in
buildah runor in RUN instructions is one of the values that we would accept without the "bind-propagation=" prefix.How to verify it
New integration tests!
Which issue(s) this PR fixes:
Addresses CVE-2024-9407.
Special notes for your reviewer:
Does this PR introduce a user-facing change?