Skip to content

Commit f0e87b7

Browse files
nalinddashea
nalind
authored and
dashea
committed
Fix TOCTOU error when bind and cache mounts use "src" values
Fix a time-of-check/time-of-use error when mounting type=bind and type=cache directories that use a "src" flag. A hostile writer could use a concurrently-running stage or build to replace that "src" location between the point when we had resolved possible symbolic links and when runc/crun/whatever actually went to create the bind mount (CVE-2024-11218). Stop ignoring the "src" option for cache mounts when there's no "from" option. Signed-off-by: Nalin Dahyabhai <[email protected]> Signed-off-by: David Shea <[email protected]>
1 parent 17f38a6 commit f0e87b7

File tree

13 files changed

+297
-128
lines changed

13 files changed

+297
-128
lines changed

cmd/buildah/run.go

+10-1
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@ import (
1313
"github.com/containers/buildah/pkg/overlay"
1414
"github.com/containers/buildah/pkg/parse"
1515
"github.com/containers/buildah/util"
16+
"github.com/containers/storage/pkg/mount"
1617
"github.com/sirupsen/logrus"
1718
"github.com/spf13/cobra"
1819
)
@@ -170,14 +171,22 @@ func runCmd(c *cobra.Command, args []string, iopts runInputOptions) error {
170171
if err != nil {
171172
return fmt.Errorf("error building system context: %w", err)
172173
}
173-
mounts, mountedImages, _, lockedTargets, err := internalParse.GetVolumes(systemContext, store, builder.MountLabel, iopts.volumes, iopts.mounts, iopts.contextDir, tmpDir)
174+
mounts, mountedImages, intermediateMounts, _, lockedTargets, err := internalParse.GetVolumes(systemContext, store, builder.MountLabel, iopts.volumes, iopts.mounts, iopts.contextDir, tmpDir)
174175
if err != nil {
175176
return err
176177
}
177178
defer func() {
178179
if err := overlay.CleanupContent(tmpDir); err != nil {
179180
logrus.Debugf("unmounting overlay mounts under %q: %v", tmpDir, err)
180181
}
182+
for _, intermediateMount := range intermediateMounts {
183+
if err := mount.Unmount(intermediateMount); err != nil {
184+
logrus.Debugf("unmounting mount %q: %v", intermediateMount, err)
185+
}
186+
if err := os.Remove(intermediateMount); err != nil {
187+
logrus.Debugf("removing should-be-empty mount directory %q: %v", intermediateMount, err)
188+
}
189+
}
181190
for _, mountedImage := range mountedImages {
182191
if _, err := store.UnmountImage(mountedImage, false); err != nil {
183192
logrus.Debugf("unmounting image %q: %v", mountedImage, err)

0 commit comments

Comments
 (0)