-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Content type mismatch does not cancel image pull #20343
Comments
@vrothberg What do you think about adding a containers.conf setting to force failing on pulling mismatch? |
Thanks for reaching out, @sanmai-NL !
@mtrmac is there a reason to continue pulling in that case? It is surprising at first glance but I may be missing background.
Does it really increase the attack surface? A server could very well set the content type to |
@vrothberg Yes, it's a minor increase, I suppose. Once an attacker can alter the content but not headers of any HTTP endpoint, e.g., on a service otherwise normally intended as image registry, e.g. compromising a web app template to include a file on some unrelated path (route) on the GitLab instance, then the lack of content type filtering means an increased attack surface. |
I don’t see anything to indicate “does not cancel image pull ”; the image pull does fail, and stop, doesn’t it? What happens here is:
And this order of operations is, I think, correct: The code could check for status 404 first, and terminate without logging the If anything, I think the code should be parsing the values more, to return different “a registry exists, but the image does not” vs. “this is not a registry at all” errors. |
A friendly reminder that this issue had no activity for 30 days. |
@mtrmac I read the log line at I'm not suggesting to not log the content type, just not the data/contents. Can you explain your last sentence? You needn't parse data to discern an unreachable registry from an invalid endpoint. |
“an unreachable registry” does not play a role here; “this is not a registry at all” (but a website) is not the same thing as “an unreachable registry”. |
As a general matter, “reading and logging data from a server increases an attack surface”… is not untrue but it’s also not something I worry about. It is inherently happening every time a server reports an error text and that error text is surfaced to the user (in fact that’s much worse, because the text passes through Unicode layout and rendering, and the text is human-comprehensible and it could convince the human to violate the security policy of the system). There’s some “background level” of risk inherent in using client-server applications and it’s just not practical to avoid it without compromising other things users care about. In fact, the response body even goes through two JSON parse operations before it becomes this “unexpected response, here’s the prefix of the body” error message. In that context, it just doesn’t make sense to me to worry about the “increased attack surface” of I’ll make that even worse: with containers/image#2186 , the text goes through an extra quoting stage. Does that increase an attack surface? Yes, but also, no. |
Issue Description
See title.
I see a possible security impact since this increases the attack surface for parser/deserializer weaknesses. The current behavior also is not in line with the fail-fast principle.
This issue occurs in practice even without a misconfiguration by a user, whenever GitLab's Container Registry is turned off or suddenly unavailable due to GitLab platform behavior, image fetching endpoints return HTML content.
Steps to reproduce the issue
Steps to reproduce the issue
podman build
with aContainerfile
with aFROM
instruction that ends up sending an HTTP requesting that gets an HTML response.Describe the results you received
Describe the results you expected
podman build
already determines the content type (see log line of 2023-10-12T07:38:21Z), and after it finds an unexpected content type, such as any subtype oftext
, cancel the pulling operation and raise a fault.podman info output
I have this issue with the latest Podman image on Quay. Sorry, not able to provide more details now.
Podman in a container
Yes
Privileged Or Rootless
Rootless
Upstream Latest Release
Yes
Additional environment details
No response
Additional information
No response
The text was updated successfully, but these errors were encountered: