Description
Note: This issue documents a vulnerability that was originally reported privately as the repository security advisory GHSA-6f59-hmhr-hgf3 by @pbeza.
Root Cause
The libnvidia-container build recipe sets export CURL="curl --insecure" and enables network access during compilation via do_compile[network] = "1". This combination means that dependencies fetched during the build process have no TLS certificate verification, making the build vulnerable to man-in-the-middle attacks.
# libnvidia-container_1.00.bb:42
export CURL = "curl --insecure"
# libnvidia-container_1.00.bb:60
do_compile[network] = "1"

Attack Path
- Attacker performs a MitM attack on the network between the build machine and upstream servers
- Build process fetches dependencies using curl --insecure, so no TLS verification takes place
- Attacker substitutes malicious code for legitimate dependencies
- Malicious code is compiled into the libnvidia-container binary
- The binary is included in all NVIDIA-enabled dstack guest images
- Every CVM using GPU support runs the backdoored binary
Impact
Supply-chain attack: malicious code injected during the build process is included in all NVIDIA-enabled dstack images. The backdoored binary runs inside CVMs with access to all secrets and key material. This is a one-time compromise that affects all deployments using the resulting image.
Suggested Fix
- Remove the --insecure flag: export CURL = "curl" (or remove the override entirely)
- Pin and verify checksums for all downloaded dependencies
- Ideally, pre-fetch all dependencies during do_fetch (which supports checksums) rather than downloading during do_compile
- If network access during compilation is unavoidable, use a local mirror with verified content
Note: This finding was reported automatically as part of an AI/Claude-driven internal audit by the NEAR One MPC team. It has not been manually verified by a human to confirm whether it constitutes an actual security issue.