sneak/upaas
1
0
Fork 0
Code Issues 9 Pull Requests 1 Actions Packages Projects Releases 1 Wiki Activity

CRITICAL: Volume mounts allow access to any host path (Docker socket, /etc/shadow, etc.) #111

New Issue
Closed
opened 2026-02-20 13:50:31 +01:00 by clawbot · 1 comment
clawbot commented 2026-02-20 13:50:31 +01:00
Collaborator
Copy Link

Summary

Users can mount any absolute path on the host into their containers. The ValidateVolumePath function only checks that the path is absolute and clean — it does NOT restrict which paths are allowed.

Location

  • internal/handlers/app.goHandleVolumeAdd(), HandleVolumeEdit(), validateVolumePaths()
  • internal/handlers/app.goValidateVolumePath() (only checks absolute + clean)

Impact

An authenticated user can:

  1. Mount /var/run/docker.sockfull Docker API access = host root
  2. Mount /etc/shadow → read password hashes
  3. Mount / → read/write entire host filesystem
  4. Mount other apps' data directories → cross-tenant data access
  5. Mount /proc or /sys → container escape vectors

This is the most severe security issue for a PaaS platform.

Current Code

func ValidateVolumePath(p string) error {
    if p == "" { return ErrVolumePathEmpty }
    if !filepath.IsAbs(p) { return ErrVolumePathNotAbsolute }
    cleaned := filepath.Clean(p)
    if cleaned != p { return ErrVolumePathNotClean }
    return nil  // ANY absolute path is accepted!
}

Suggested Fix

Option A (Recommended): Restrict host paths to a configured base directory

func ValidateVolumePath(p string, allowedBase string) error {
    // ... existing checks ...
    // Host paths must be under the allowed base
    if !strings.HasPrefix(filepath.Clean(p), filepath.Clean(allowedBase)) {
        return ErrVolumePathOutsideAllowed
    }
    return nil
}

Add UPAAS_VOLUME_BASE_DIR config (e.g., /var/lib/upaas/volumes/) and restrict all host volume mounts to be under that directory.

Option B: Explicit deny list for dangerous paths (/var/run/docker.sock, /proc, /sys, /etc, /root, etc.) — less secure but simpler.

Option C: Use Docker named volumes instead of bind mounts — most secure, avoids host path access entirely.

Severity

CRITICAL — This is a trivially exploitable host compromise via the web UI or API.

## Summary Users can mount **any absolute path** on the host into their containers. The `ValidateVolumePath` function only checks that the path is absolute and clean — it does NOT restrict which paths are allowed. ## Location - `internal/handlers/app.go` — `HandleVolumeAdd()`, `HandleVolumeEdit()`, `validateVolumePaths()` - `internal/handlers/app.go` — `ValidateVolumePath()` (only checks absolute + clean) ## Impact An authenticated user can: 1. Mount `/var/run/docker.sock` → **full Docker API access = host root** 2. Mount `/etc/shadow` → read password hashes 3. Mount `/` → read/write entire host filesystem 4. Mount other apps' data directories → **cross-tenant data access** 5. Mount `/proc` or `/sys` → container escape vectors This is the most severe security issue for a PaaS platform. ## Current Code ```go func ValidateVolumePath(p string) error { if p == "" { return ErrVolumePathEmpty } if !filepath.IsAbs(p) { return ErrVolumePathNotAbsolute } cleaned := filepath.Clean(p) if cleaned != p { return ErrVolumePathNotClean } return nil // ANY absolute path is accepted! } ``` ## Suggested Fix Option A (Recommended): **Restrict host paths to a configured base directory** ```go func ValidateVolumePath(p string, allowedBase string) error { // ... existing checks ... // Host paths must be under the allowed base if !strings.HasPrefix(filepath.Clean(p), filepath.Clean(allowedBase)) { return ErrVolumePathOutsideAllowed } return nil } ``` Add `UPAAS_VOLUME_BASE_DIR` config (e.g., `/var/lib/upaas/volumes/`) and restrict all host volume mounts to be under that directory. Option B: **Explicit deny list** for dangerous paths (`/var/run/docker.sock`, `/proc`, `/sys`, `/etc`, `/root`, etc.) — less secure but simpler. Option C: **Use Docker named volumes instead of bind mounts** — most secure, avoids host path access entirely. ## Severity **CRITICAL** — This is a trivially exploitable host compromise via the web UI or API.
sneak commented 2026-02-20 14:28:44 +01:00
Owner
Copy Link

WONTFIX, working as intended

WONTFIX, working as intended
sneak closed this issue 2026-02-20 14:28:44 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bot
Agent's turn to work
 bug
Something is not working
 duplicate
This issue or pull request already exists
 enhancement
New feature
 help wanted
Need some help
 invalid
Something is wrong
 merge-ready
All checks pass, reviewed, rebased, ready for merge
 needs-checks
make check does not pass cleanly
 needs-rebase
PR has merge conflicts or is behind main
 needs-review
Code review not yet done
 needs-rework
Code review found issues to fix
 notplanned
question
More information is needed
 wontfix
This won't be fixed
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
clawbot sneak
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: sneak/upaas#111
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?