Skip to content
This repository was archived by the owner on Oct 13, 2023. It is now read-only.

[19.03 backport] Pass root to chroot to for chroot Tar/Untar (CVE-2018-15664) #254

Merged
andrewhsu merged 2 commits into from
Jun 4, 2019
Merged

[19.03 backport] Pass root to chroot to for chroot Tar/Untar (CVE-2018-15664) #254

andrewhsu merged 2 commits into from
Jun 4, 2019

Conversation

@thaJeztah
Copy link
Member

@thaJeztah thaJeztah commented Jun 3, 2019

backport of moby#39292 for 19.03

This is useful for preventing CVE-2018-15664 where a malicious container
process can take advantage of a race on symlink resolution/sanitization.

Before this change chrootarchive would chroot to the destination
directory which is attacker controlled. With this patch we always chroot
to the container's root which is not attacker controlled.

replaces moby#39252

cpuguy83 added 2 commits June 3, 2019 18:55
@cpuguy83 @thaJeztah
Pass root to chroot to for chroot Untar
9781cce 
This is useful for preventing CVE-2018-15664 where a malicious container
process can take advantage of a race on symlink resolution/sanitization.

Before this change chrootarchive would chroot to the destination
directory which is attacker controlled. With this patch we always chroot
to the container's root which is not attacker controlled.

Signed-off-by: Brian Goff <[email protected]>
(cherry picked from commit d089b63)
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@cpuguy83 @thaJeztah
Add chroot for tar packing operations
3e057d5 
Previously only unpack operations were supported with chroot.
This adds chroot support for packing operations.
This prevents potential breakouts when copying data from a container.

Signed-off-by: Brian Goff <[email protected]>
(cherry picked from commit 3029e76)
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah thaJeztah added this to the 19.03.0 milestone Jun 3, 2019
@thaJeztah
Copy link
Member Author

thaJeztah commented Jun 3, 2019

ping @cpuguy83 @justincormack PTAL

cpuguy83
cpuguy83 approved these changes Jun 3, 2019
View reviewed changes
Copy link

@cpuguy83 cpuguy83 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM once upstream is merged.

@thaJeztah
Copy link
Member Author

thaJeztah commented Jun 3, 2019

yes, opened in advance of that so that CI can run already; let me change to "WIP"

@thaJeztah thaJeztah changed the title [19.03 backport] Pass root to chroot to for chroot Tar/Untar (CVE-2018-15664) [WIP][19.03 backport] Pass root to chroot to for chroot Tar/Untar (CVE-2018-15664) Jun 3, 2019
@thaJeztah thaJeztah changed the title [WIP][19.03 backport] Pass root to chroot to for chroot Tar/Untar (CVE-2018-15664) [19.03 backport] Pass root to chroot to for chroot Tar/Untar (CVE-2018-15664) Jun 4, 2019
@thaJeztah
Copy link
Member Author

thaJeztah commented Jun 4, 2019

removed "WIP" as upstream was merged

andrewhsu
andrewhsu approved these changes Jun 4, 2019
View reviewed changes
Copy link

@andrewhsu andrewhsu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM on clean cherry-pick

@andrewhsu andrewhsu merged commit 36324c3 into docker-archive:19.03 Jun 4, 2019
@thaJeztah thaJeztah deleted the 19.03_backport_root_dir_on_copy branch June 4, 2019 16:33
This was referenced Jun 12, 2019
Merged
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

2 more reviewers

@andrewhsu andrewhsu andrewhsu approved these changes

@cpuguy83 cpuguy83 cpuguy83 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

19.03.0

Development

Successfully merging this pull request may close these issues.

3 participants

@thaJeztah @andrewhsu @cpuguy83