podman incorrectly allows containers, when created, to populate volumes that already have existing data inside. A malicious container image may use this flaw to overwrite existing files in a volume, even if it is mounted in read-only mode. The attack is possible only the first time a volume is used.
Vulnerability introduced in upstream commit:
First vulnerable upstream version is v1.6.0, which includes the above commit.
Function mountNamedVolume() is responsible for copying the content of the destination volume directory from the container to the volume. The copy (and the attack) happens only the first time because it is done when vol.state.NeedsCopyUp is True, which it is only at the beginning, since that field is set to False after performing the copy.
docker is not affected by this issue, even if it does support populating a volume using a container, as it checks whether the volume is empty before copying data from the container to the volume. Function populateVolumes() in create_unix.go of the docker code base is responsible for copying data from the container's rootfs into the volume. populateVolumes() calls CopyImagePathContent(), which in turn calls copyExistingContents() that checks whether the destination folder (the volume path) is empty or not. If the volume is not empty, the copy is not performed, thus preventing a malicious image from copying data into an existing container.
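The emptiness check that separates the two behaviours described above, as an added Go sketch (not code from podman or docker). `copyUp`, `demo` and the sample file names are hypothetical, and the check simply lists the volume directory rather than reproducing docker's copyExistingContents().

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// copyUp (hypothetical sketch) copies top-level regular files from imageDir
// into volDir. With checkEmpty set, it refuses when the volume holds data.
func copyUp(imageDir, volDir string, checkEmpty bool) (bool, error) {
	if checkEmpty {
		existing, err := os.ReadDir(volDir)
		if err != nil || len(existing) > 0 {
			return false, err // non-empty volume: leave its content untouched
		}
	}
	entries, err := os.ReadDir(imageDir)
	if err != nil {
		return false, err
	}
	for _, e := range entries {
		if !e.Type().IsRegular() {
			continue
		}
		data, err := os.ReadFile(filepath.Join(imageDir, e.Name()))
		if err == nil {
			err = os.WriteFile(filepath.Join(volDir, e.Name()), data, 0o644)
		}
		if err != nil {
			return false, err
		}
	}
	return true, nil
}

// demo runs copyUp on constructed sample dirs and returns the volume file.
func demo(checkEmpty bool) string {
	img, _ := os.MkdirTemp("", "image")
	vol, _ := os.MkdirTemp("", "volume")
	defer os.RemoveAll(img)
	defer os.RemoveAll(vol)
	os.WriteFile(filepath.Join(vol, "app.conf"), []byte("trusted"), 0o644)
	os.WriteFile(filepath.Join(img, "app.conf"), []byte("from-image"), 0o644)
	copyUp(img, vol, checkEmpty)
	out, _ := os.ReadFile(filepath.Join(vol, "app.conf"))
	return string(out)
}

func main() { fmt.Println("unchecked:", demo(false), "| checked:", demo(true)) }
```

Without the check, the file already in the volume is replaced by the image's copy; with it, the existing file survives and an empty volume is still populated.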
Name: Tristan De Cacqueray (Red Hat)
Upstream PR with fix: https://github.com/containers/libpod/pull/5168
If a volume needs to be attached as read-only to an untrusted container or container image, first attach it to a trusted container. Using the volume for the first time will make the attack impossible for other containers that are going to use the volume.
Podman versions earlier than 1.6.0 are not affected. That includes the podman versions in OCP 4.2 and earlier.
Merged into master as https://github.com/containers/libpod/commit/c140ecdc9b416ab4efd4d21d14acd63b6adbdd42
Setting to Post and assigning to Jindrich for kitting needs.