imagepull + kernelcat: allow absolute symlink targets
Container (and kernel) layers routinely ship symlinks with absolute
targets — /usr/bin/mawk, /lib/modules/<ver>/build, etc. Those are
interpreted relative to the rootfs at runtime (`/` inside the VM),
not against the host filesystem, so they are rooted inside dest by
construction and need no escape check at write time.
The previous logic resolved absolute Linknames literally (against
the host root), compared to the staging dir, and rejected everything
that didn't happen to live under it. That made `banger image pull
docker.io/library/debian:bookworm` fail on the very first symlink
("etc/alternatives/awk -> /usr/bin/mawk").
Relative targets still get the traversal check — a relative
Linkname with ../s can genuinely escape dest at write time even if
in-VM resolution would be safe — so the defense against malicious
relative chains is intact.
Tests:
- TestFlattenAcceptsAbsoluteSymlink replaces the old overly-strict
test, using the exact etc/alternatives/awk -> /usr/bin/mawk case
that broke debian:bookworm.
- TestFlattenRejectsRelativeSymlinkEscape confirms relative-with-
traversal is still rejected with the same "unsafe symlink"
error.
Same fix applied in internal/kernelcat/fetch.go for consistency;
future kernel bundles with absolute symlinks in the modules tree
would otherwise hit the same wall.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
d5f72dfad9
commit
fdaf7cce0f
3 changed files with 57 additions and 22 deletions
|
|
@ -132,16 +132,18 @@ func applyEntry(tr *tar.Reader, hdr *tar.Header, dest string) error {
|
|||
if err := os.MkdirAll(filepath.Dir(abs), 0o755); err != nil {
|
||||
return err
|
||||
}
|
||||
// Resolve the link target relative to the link's parent and
|
||||
// require that it stays inside dest. Absolute targets that
|
||||
// resolve outside dest are also rejected.
|
||||
resolved := hdr.Linkname
|
||||
if !filepath.IsAbs(resolved) {
|
||||
resolved = filepath.Join(filepath.Dir(abs), resolved)
|
||||
}
|
||||
resolved = filepath.Clean(resolved)
|
||||
if resolved != dest && !strings.HasPrefix(resolved, dest+string(filepath.Separator)) {
|
||||
return fmt.Errorf("unsafe symlink in layer: %q -> %q", hdr.Name, hdr.Linkname)
|
||||
// Container layers commonly use absolute symlink targets like
|
||||
// "/usr/bin/mawk" — these are interpreted relative to the
|
||||
// rootfs (`/` inside the eventual VM), so they're rooted at
|
||||
// dest by construction and need no escape check.
|
||||
// Relative targets, however, can escape with "../"s and must
|
||||
// be checked against dest at write time (we never follow them
|
||||
// during extraction, but a future caller might).
|
||||
if !filepath.IsAbs(hdr.Linkname) {
|
||||
resolved := filepath.Clean(filepath.Join(filepath.Dir(abs), hdr.Linkname))
|
||||
if resolved != dest && !strings.HasPrefix(resolved, dest+string(filepath.Separator)) {
|
||||
return fmt.Errorf("unsafe symlink in layer: %q -> %q", hdr.Name, hdr.Linkname)
|
||||
}
|
||||
}
|
||||
if err := os.RemoveAll(abs); err != nil && !errors.Is(err, os.ErrNotExist) {
|
||||
return err
|
||||
|
|
|
|||
|
|
@ -237,11 +237,43 @@ func TestFlattenRejectsPathTraversal(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestFlattenRejectsUnsafeSymlink(t *testing.T) {
|
||||
func TestFlattenAcceptsAbsoluteSymlink(t *testing.T) {
|
||||
// Container layers regularly contain absolute symlinks like
|
||||
// /usr/bin/mawk — they're interpreted relative to the rootfs at
|
||||
// boot time, not against the host filesystem. They must extract
|
||||
// cleanly.
|
||||
host := startRegistry(t)
|
||||
ref := pushImage(t, host, "banger/test", "evil-sym",
|
||||
ref := pushImage(t, host, "banger/test", "abs-sym",
|
||||
makeLayer(t, []tarMember{
|
||||
{name: "evil", symlink: true, link: "/etc/passwd"}, // absolute target outside dest
|
||||
{name: "etc/alternatives/awk", symlink: true, link: "/usr/bin/mawk"},
|
||||
}),
|
||||
)
|
||||
pulled, err := Pull(context.Background(), ref, t.TempDir())
|
||||
if err != nil {
|
||||
t.Fatalf("Pull: %v", err)
|
||||
}
|
||||
dest := t.TempDir()
|
||||
if err := Flatten(context.Background(), pulled, dest); err != nil {
|
||||
t.Fatalf("Flatten: %v", err)
|
||||
}
|
||||
link := filepath.Join(dest, "etc/alternatives/awk")
|
||||
target, err := os.Readlink(link)
|
||||
if err != nil {
|
||||
t.Fatalf("readlink: %v", err)
|
||||
}
|
||||
if target != "/usr/bin/mawk" {
|
||||
t.Errorf("link target = %q, want /usr/bin/mawk", target)
|
||||
}
|
||||
}
|
||||
|
||||
func TestFlattenRejectsRelativeSymlinkEscape(t *testing.T) {
|
||||
// Relative symlinks with .. must still be rejected: the resolved
|
||||
// path can escape dest at the host level even if the in-VM
|
||||
// resolution would be safe.
|
||||
host := startRegistry(t)
|
||||
ref := pushImage(t, host, "banger/test", "rel-escape",
|
||||
makeLayer(t, []tarMember{
|
||||
{name: "etc/evil", symlink: true, link: "../../../../etc/passwd"},
|
||||
}),
|
||||
)
|
||||
pulled, err := Pull(context.Background(), ref, t.TempDir())
|
||||
|
|
@ -250,7 +282,7 @@ func TestFlattenRejectsUnsafeSymlink(t *testing.T) {
|
|||
}
|
||||
err = Flatten(context.Background(), pulled, t.TempDir())
|
||||
if err == nil || !strings.Contains(err.Error(), "unsafe symlink") {
|
||||
t.Fatalf("Flatten unsafe symlink: err=%v", err)
|
||||
t.Fatalf("Flatten relative escape: err=%v", err)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue