:Due to the low severity of this CVE, this security patch is being released with
:NO embargo period.
:
:[ Summary ]
:
:runc 1.1.13 and earlier as well as 1.2.0-rc2 and earlier can be tricked into
:creating empty files or directories in arbitrary locations in the host
:filesystem by sharing a volume between two containers and exploiting a race
:with os.MkdirAll. While this can be used to create empty files, existing
:files **will not** be truncated.
:
:An attacker must have the ability to start containers using some kind of custom
:volume configuration. Containers using user namespaces are still affected, but
:the scope of places an attacker can create inodes can be significantly reduced.
:Sufficiently strict LSM policies (SELinux/AppArmor) can also in principle block
:this attack -- we suspect the industry standard SELinux policy may restrict
:this attack's scope but the exact scope of protection hasn't been analysed.
:
:This is exploitable using runc directly as well as through Docker and
:Kubernetes.
:
:The CVSS score for this vulnerability is
:CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N (Low severity, 3.6).
While I suspect there are enough mitigating factors for this vuln to
truly be low severity, proving that arbitrary file creation isn't
super-severe (let alone risky) can be hard. I'm thinking of the Palo
Alto mess CVE-2024-3400 from a few months back, where such behavior
was thought to not be as big of a deal... until it was.
What is the security impact of creating an empty /etc/nologin? Or an
empty override file that might cause some systemd service (e.g. some
firewall setup) not to run upon reboot/restart? Have there been OS
assessments about where empty arbitrarily-named files can do the most
disruption? Maybe a title like:
touch considered harmful: How the presence of a file can change
OS and application behavior and make your head hurt
Sure, there's predictable tmp, and the impact of removing/overwriting
files is pretty obvious. But, this runc writeup reminded me that the
impact of arbitrary file creation often gets short-changed.
Take FWIW...
-Mike
--
Michael J. O'Connor [email protected]
=--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--=
"I buy expensive suits. They just look cheap on me." -Warren Buffett
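The quoted advisory's root cause is that os.MkdirAll resolves every path component through the normal (symlink-following) lookup, so a component inside a volume that the container side controls can redirect creation outside the volume. The example below is added here for illustration; it is not runc's code, not runc's actual fix, and not part of the original mail. It stands up two temp directories (one playing the shared volume, one playing the host), plants a symlink in the "volume" pointing at the "host", shows that os.MkdirAll happily creates a directory on the "host" side, and then shows a hypothetical mkdirAllBeneath that walks the path one component at a time with mkdirat/openat and O_NOFOLLOW|O_DIRECTORY so that a symlink component can make the operation fail but never redirect it. The function and directory names are invented for the demo.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"syscall"
)

// mkdirAllBeneath creates rel (a root-relative path) below rootDir without ever
// following a symlink. Every component is created and then opened relative to
// the previous directory fd with O_NOFOLLOW|O_DIRECTORY, so a component that
// was swapped for a symlink (even between the mkdirat and the openat) causes an
// error instead of creation somewhere else. Hypothetical helper, not runc's.
func mkdirAllBeneath(rootDir, rel string, mode uint32) error {
	const dirFlags = syscall.O_RDONLY | syscall.O_DIRECTORY | syscall.O_NOFOLLOW | syscall.O_CLOEXEC
	rootFd, err := syscall.Open(rootDir, dirFlags, 0)
	if err != nil {
		return fmt.Errorf("open root %q: %w", rootDir, err)
	}
	defer syscall.Close(rootFd)
	cur := rootFd
	closeCur := func() {
		if cur != rootFd {
			syscall.Close(cur)
		}
	}
	for _, part := range strings.Split(filepath.Clean(rel), string(filepath.Separator)) {
		if part == "" || part == "." {
			continue
		}
		if part == ".." {
			closeCur()
			return errors.New("path escapes root")
		}
		if err := syscall.Mkdirat(cur, part, mode); err != nil && !errors.Is(err, syscall.EEXIST) {
			closeCur()
			return fmt.Errorf("mkdirat %q: %w", part, err)
		}
		// ELOOP here means the name is a symlink, ENOTDIR that it is a file.
		next, err := syscall.Openat(cur, part, dirFlags, 0)
		if err != nil {
			closeCur()
			return fmt.Errorf("component %q is not a real directory below root: %w", part, err)
		}
		closeCur()
		cur = next
	}
	closeCur()
	return nil
}

type demoResult struct {
	UnsafeEscaped bool // os.MkdirAll created a directory under host/ via the symlink
	SafeRefused   bool // mkdirAllBeneath returned an error for the symlink component
	SafeEscaped   bool // mkdirAllBeneath created anything under host/
	SafeCreated   bool // mkdirAllBeneath created an honest path inside the volume
}

func lstatOK(p string) bool  { _, err := os.Lstat(p); return err == nil }
func isDir(p string) bool    { fi, err := os.Lstat(p); return err == nil && fi.IsDir() }

// runDemo builds the constructed scenario in a temp dir and reports what happened.
func runDemo() (demoResult, error) {
	var r demoResult
	tmp, err := os.MkdirTemp("", "mkdirall-demo")
	if err != nil {
		return r, err
	}
	defer os.RemoveAll(tmp)
	host := filepath.Join(tmp, "host")  // stands in for the host filesystem
	vol := filepath.Join(tmp, "volume") // stands in for the shared volume
	for _, d := range []string{host, vol} {
		if err := os.Mkdir(d, 0o755); err != nil {
			return r, err
		}
	}
	// The untrusted side plants a symlink inside the volume pointing outside it.
	if err := os.Symlink(host, filepath.Join(vol, "link")); err != nil {
		return r, err
	}
	// Unsafe: os.MkdirAll resolves "link" and creates host/planted.
	if err := os.MkdirAll(filepath.Join(vol, "link", "planted"), 0o755); err != nil {
		return r, err
	}
	r.UnsafeEscaped = isDir(filepath.Join(host, "planted"))
	// Safe: the same request fails because "link" is not a real directory.
	err = mkdirAllBeneath(vol, "link/planted2", 0o755)
	r.SafeRefused = err != nil
	r.SafeEscaped = lstatOK(filepath.Join(host, "planted2"))
	// Safe: a path that really is inside the volume still gets created.
	if err := mkdirAllBeneath(vol, "a/b/c", 0o755); err != nil {
		return r, err
	}
	r.SafeCreated = isDir(filepath.Join(vol, "a", "b", "c"))
	return r, nil
}

func main() {
	r, err := runDemo()
	if err != nil {
		fmt.Println("demo failed:", err)
		return
	}
	fmt.Printf("%+v\n", r)
}
```

The point to take from the demo is the property, not the helper: creation below an untrusted directory must be anchored to a directory file descriptor and must refuse to follow symlinks at each step, so that the worst an adversary who controls the volume can do is make the operation fail. Production code should prefer a maintained implementation of this pattern (and openat2 with RESOLVE_BENEATH/RESOLVE_IN_ROOT where the kernel supports it) over hand-rolled walking.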