-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Secure against (sensitive) mount options that contains , (comma)? #15
Comments
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close not-planned |
@k8s-triage-robot: Closing this issue, marking it as "Not Planned". In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
re: https://github.com/kubernetes/mount-utils/blob/master/mount_linux.go#L325
If mount options themselves contain a comma, it is possible for one mount option to be interpreted as multiple options.
This might be a problem especially for sensitive mount options that can cause leakages of sensitive values into logfiles.
e.g.
password=my,passw0rd
will give an error like: "Invalid mount option passw0rd" in the kernel log (denpeding on the mount driver)This issue might be out of scope for this library to handle, since fs-drivers (afaik, correct me?) behave differently and some might allow escaping of mount options with backslash while others might not. So I'm fine with this being closed as: "up to the implementer to guard against" - as long as that's a conscious decision.
The text was updated successfully, but these errors were encountered: