internal/app: check nscd socket for path hiding
Some checks failed
Test / Create distribution (push) Successful in 33s
Test / Hakurei (push) Successful in 3m7s
Test / Hpkg (push) Successful in 4m0s
Test / Hakurei (race detector) (push) Successful in 5m16s
Test / Sandbox (race detector) (push) Failing after 2m20s
Test / Flake checks (push) Has been skipped
Test / Sandbox (push) Failing after 2m15s
Some checks failed
Test / Create distribution (push) Successful in 33s
Test / Hakurei (push) Successful in 3m7s
Test / Hpkg (push) Successful in 4m0s
Test / Hakurei (race detector) (push) Successful in 5m16s
Test / Sandbox (race detector) (push) Failing after 2m20s
Test / Flake checks (push) Has been skipped
Test / Sandbox (push) Failing after 2m15s
This can seriously break things, and exposes extra host attack surface, so include it here. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
parent
ae7b343cde
commit
7a83354cbd
SSH Key Fingerprint:
SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
@ -73,6 +73,7 @@ func TestApp(t *testing.T) {
|
||||
Readonly(m("/var/run/nscd"), 0755).
|
||||
Etc(m("/etc/"), "4a450b6596d7bc15bd01780eb9a607ac").
|
||||
Tmpfs(m("/run/user/1971"), 8192, 0755).
|
||||
Tmpfs(m("/run/nscd"), 8192, 0755).
|
||||
Tmpfs(m("/run/dbus"), 8192, 0755).
|
||||
Remount(m("/dev/"), syscall.MS_RDONLY).
|
||||
Tmpfs(m("/run/user/"), 4096, 0755).
|
||||
@ -209,6 +210,7 @@ func TestApp(t *testing.T) {
|
||||
Readonly(m("/var/run/nscd"), 0755).
|
||||
Etc(m("/etc/"), "ebf083d1b175911782d413369b64ce7c").
|
||||
Tmpfs(m("/run/user/1971"), 8192, 0755).
|
||||
Tmpfs(m("/run/nscd"), 8192, 0755).
|
||||
Tmpfs(m("/run/dbus"), 8192, 0755).
|
||||
Remount(m("/dev/"), syscall.MS_RDONLY).
|
||||
Tmpfs(m("/run/user/"), 4096, 0755).
|
||||
@ -552,6 +554,8 @@ func (k *stubNixOS) tempdir() string { return "/tmp/" }
|
||||
|
||||
func (k *stubNixOS) evalSymlinks(path string) (string, error) {
|
||||
switch path {
|
||||
case "/var/run/nscd":
|
||||
return "/run/nscd", nil
|
||||
case "/run/user/1971":
|
||||
return "/run/user/1971", nil
|
||||
case "/tmp/hakurei.0":
|
||||
|
||||
@ -13,6 +13,8 @@ import (
|
||||
"hakurei.app/system/dbus"
|
||||
)
|
||||
|
||||
const varRunNscd = container.FHSVar + "run/nscd"
|
||||
|
||||
// spParamsOp initialises unordered fields of [container.Params] and the optional root filesystem.
|
||||
// This outcomeOp is hardcoded to always run first.
|
||||
type spParamsOp struct {
|
||||
@ -121,8 +123,14 @@ func (s spFilesystemOp) toSystem(state *outcomeStateSys, _ *hst.Config) error {
|
||||
this feature tries to improve user experience of permissive defaults, and
|
||||
to warn about issues in custom configuration; it is NOT a security feature
|
||||
and should not be treated as such, ALWAYS be careful with what you bind */
|
||||
var hidePaths []string
|
||||
hidePaths = append(hidePaths, state.sc.RuntimePath.String(), state.sc.SharePath.String())
|
||||
hidePaths := []string{
|
||||
state.sc.RuntimePath.String(),
|
||||
state.sc.SharePath.String(),
|
||||
|
||||
// this causes emulated passwd database to be bypassed on some /etc/ setups
|
||||
varRunNscd,
|
||||
}
|
||||
|
||||
_, systemBusAddr := dbus.Address()
|
||||
if entries, err := dbus.Parse([]byte(systemBusAddr)); err != nil {
|
||||
return &hst.AppError{Step: "parse dbus address", Err: err}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user