When performing bind mounts as part of a build-time RUN step, the ‘source’ argument is not validated to ensure that it exists within the root filesystem. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.
Created buildah tracking bugs for this issue: Affects: fedora-all [bug 2270125] Created podman tracking bugs for this issue: Affects: fedora-all [bug 2270124]
removed buildah affects for openshift per comment on OCPBUGS-31004 and related openshift-4/buildah trackers
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2055 https://access.redhat.com/errata/RHSA-2024:2055
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:2064 https://access.redhat.com/errata/RHSA-2024:2064
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2024:2066 https://access.redhat.com/errata/RHSA-2024:2066