Skip to content

Commit 2fee799

Browse files
nalinddashea
nalind
authored and
dashea
committed
Fix TOCTOU error when bind and cache mounts use "src" values
Fix a time-of-check/time-of-use error when mounting type=bind and type=cache directories that use a "src" flag. A hostile writer could use a concurrently-running stage or build to replace that "src" location between the point when we had resolved possible symbolic links and when runc/crun/whatever actually went to create the bind mount (CVE-2024-11218). Stop ignoring the "src" option for cache mounts when there's no "from" option. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Signed-off-by: David Shea <dshea@redhat.com>
1 parent 342510e commit 2fee799

File tree

11 files changed

+291
-126
lines changed

11 files changed

+291
-126
lines changed

cmd/buildah/run.go

+10-1
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@ import (
1313
"github.com/containers/buildah/pkg/parse"
1414
"github.com/containers/buildah/util"
1515
"github.com/containers/storage/pkg/lockfile"
16+
"github.com/containers/storage/pkg/mount"
1617
"github.com/pkg/errors"
1718
"github.com/sirupsen/logrus"
1819
"github.com/spf13/cobra"
@@ -171,14 +172,22 @@ func runCmd(c *cobra.Command, args []string, iopts runInputOptions) error {
171172
if err != nil {
172173
return errors.Wrapf(err, "error building system context")
173174
}
174-
mounts, mountedImages, _, lockedTargets, err := internalParse.GetVolumes(systemContext, store, builder.MountLabel, iopts.volumes, iopts.mounts, iopts.contextDir, tmpDir)
175+
mounts, mountedImages, intermediateMounts, _, lockedTargets, err := internalParse.GetVolumes(systemContext, store, builder.MountLabel, iopts.volumes, iopts.mounts, iopts.contextDir, tmpDir)
175176
if err != nil {
176177
return err
177178
}
178179
defer func() {
179180
if err := overlay.CleanupContent(tmpDir); err != nil {
180181
logrus.Debugf("unmounting overlay mounts under %q: %v", tmpDir, err)
181182
}
183+
for _, intermediateMount := range intermediateMounts {
184+
if err := mount.Unmount(intermediateMount); err != nil {
185+
logrus.Debugf("unmounting mount %q: %v", intermediateMount, err)
186+
}
187+
if err := os.Remove(intermediateMount); err != nil {
188+
logrus.Debugf("removing should-be-empty mount directory %q: %v", intermediateMount, err)
189+
}
190+
}
182191
for _, mountedImage := range mountedImages {
183192
if _, err := store.UnmountImage(mountedImage, false); err != nil {
184193
logrus.Debugf("unmounting image %q: %v", mountedImage, err)

0 commit comments

Comments
 (0)