Page MenuHomePhabricator
Create Task
Maniphest T386921

toolforge: we may be allowing arbitrary host path mounts in containers
Closed, ResolvedPublicSecurity
Actions

Description

As of this writing, our kyverno pod policies don't disallow arbitrary host path mounts, which may mean that containers could mount arbitrary host paths from the k8s worker filesystem.

Preventing this using kyverno is easy, see for example: https://kyverno.io/policies/pod-security/baseline/disallow-host-path/disallow-host-path/

If we add a policy similar to that in kyverno, we may need to specify which host files are OK to mount:

  • NFS dirs
  • dumps dirs
  • ldap files
  • openstack credentials
  • etc

This may not need to be a per-tool policy.

Event Timeline

aborrero created this task.Feb 20 2025, 12:44 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 20 2025, 12:44 PM
aborrero triaged this task as Medium priority.Feb 20 2025, 12:44 PM
taavi edited projects, added Security; removed WMF-NDA.Feb 20 2025, 12:48 PM
taavi changed the visibility from "Custom Policy" to "Custom Policy".
taavi changed the edit policy from "Custom Policy" to "Custom Policy".
taavi changed the subtype of this task from "Task" to "Security Issue".
aborrero raised the priority of this task from Medium to High.Feb 20 2025, 1:30 PM
aborrero moved this task from Backlog to Doing on the User-aborrero board.
dcaro added a subscriber: Raymond_Ndibe.Feb 21 2025, 2:11 PM
fnegri added a comment.Feb 21 2025, 5:10 PM

I tried exploiting this from a random tool account, and it looks like we are indeed allowing arbitrary host mounts:

tools.whopaintedthis@tools-bastion-13:~$ cat test.yaml
apiVersion: v1
kind: Pod
metadata:
  name: test
spec:
  containers:
  - name: testmount
    image: docker-registry.tools.wmflabs.org/toolforge-bookworm-sssd:latest
    command: ["sleep", "60"]
    volumeMounts:
    - name: hostmount
      mountPath: /testmount
  volumes:
  - name: hostmount
    hostPath:
      path: /

tools.whopaintedthis@tools-bastion-13:~$ kubectl apply -f test.yaml
pod/test created
tools.whopaintedthis@tools-bastion-13:~$ kubectl exec -it test -- bash
I have no name!@test:/$ ls /testmount/
bin  boot  data  dev  etc  home  lib  lib64  lost+found  media  mnt  opt  proc  public  root  run  sbin  srv  sys  tmp  usr  var

Linux user permissions apply, so you cannot just access any random file on the host:

I have no name!@test:/$ ls /testmount/root/
ls: cannot open directory '/testmount/root/': Permission denied

I'm not sure if there is any real security risk, but it's probably a good idea to limit what can be mounted anyway.

aborrero moved this task from Doing to Radar/observer on the User-aborrero board.Mar 3 2025, 9:45 AM
dcaro closed this task as Resolved.Mar 11 2025, 12:29 PM
dcaro claimed this task.
dcaro edited projects, added Toolforge (Toolforge iteration 18); removed Toolforge.
dcaro moved this task from Next Up to Done on the Toolforge (Toolforge iteration 18) board.
taavi changed the visibility from "Custom Policy" to "Public (No Login Required)".Mar 24 2025, 3:46 PM
taavi changed the edit policy from "Custom Policy" to "All Users".
Andrew added a comment.Mar 28 2025, 7:31 PM

*bump*

aborrero added a comment.Apr 10 2025, 3:23 PM

this is fixed by patch: https://gitlab.wikimedia.org/repos/cloud/toolforge/volume-admission/-/merge_requests/25

Andrew added a comment.Apr 10 2025, 3:30 PM

thx arturo :)

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits