Source: DeepSec Rust-focused direct pass 20260507013924-5f4812745ba339b2.
Severity: HIGH
Confidence: medium
File: crates/bashkit/src/snapshot.rs:326
Slug: other-cross-tenant-data-leak
Finding
restore_snapshot_inner applies shell state first and then calls self.fs.vfs_restore(vfs) without checking whether the filesystem was actually restored. The FileSystemExt contract returns false for unsupported restore, and InMemoryFs::restore can reject an invalid snapshot by returning early before clearing existing entries.
A forged unkeyed snapshot or malformed snapshot restored into a reused Bash instance can therefore return Ok after changing the attacker's shell state while leaving files from the previous tenant/session readable in the VFS.
Suggested Fix
Make VFS restore return Result and fail closed.
Validate shell and VFS state before mutating either, then apply restore atomically. If VFS is absent or invalid, explicitly clear it or return an error according to a caller-selected policy.
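A sketch of the validate-then-commit restore suggested above, as an added example that is not bashkit's code: `Sandbox`, `Snapshot`, `MissingVfs`, `RestoreError` and the path validity rule are hypothetical stand-ins for the crate's own types and checks.

```rust
use std::collections::HashMap;

// Hypothetical stand-ins for illustration; these are not bashkit's types.
#[derive(Debug, PartialEq)]
pub enum RestoreError { MissingVfs, InvalidVfs(String) }
#[derive(Clone, Copy)]
pub enum MissingVfs { Clear, Reject } // caller-selected policy
pub struct Snapshot { pub vars: Vec<(String, String)>, pub vfs: Option<Vec<(String, Vec<u8>)>> }
#[derive(Default)]
pub struct Sandbox { pub vars: HashMap<String, String>, pub files: HashMap<String, Vec<u8>> }

// Assumed validity rule for this sketch: absolute paths with no ".." component.
fn validate_vfs(entries: &[(String, Vec<u8>)]) -> Result<HashMap<String, Vec<u8>>, RestoreError> {
    let mut out = HashMap::new();
    for (path, data) in entries {
        if !path.starts_with('/') || path.split('/').any(|c| c == "..") {
            return Err(RestoreError::InvalidVfs(path.clone()));
        }
        out.insert(path.clone(), data.clone());
    }
    Ok(out)
}

impl Sandbox {
    /// Validates both halves of the snapshot before touching `self`.
    /// On error nothing changes; on success no previous file survives.
    pub fn restore(&mut self, snap: &Snapshot, policy: MissingVfs) -> Result<(), RestoreError> {
        let files = match (&snap.vfs, policy) {
            (Some(entries), _) => validate_vfs(entries)?,
            (None, MissingVfs::Clear) => HashMap::new(),
            (None, MissingVfs::Reject) => return Err(RestoreError::MissingVfs),
        };
        let vars: HashMap<String, String> = snap.vars.iter().cloned().collect();
        // Commit point: nothing below can fail, so shell and VFS change together.
        self.vars = vars;
        self.files = files;
        Ok(())
    }
}

fn main() {
    // Constructed input: a reused instance holding a previous tenant's file.
    let mut sb = Sandbox::default();
    sb.files.insert("/tenant-a/secret".into(), b"x".to_vec());
    let forged = Snapshot { vars: vec![], vfs: Some(vec![("../x".into(), vec![])]) };
    println!("{:?}", sb.restore(&forged, MissingVfs::Reject));
}
```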