From b7147edadbf241606f7debdd0ee9a4f29fba0bf8 Mon Sep 17 00:00:00 2001
From: Peng Tao
Date: Fri, 9 Oct 2020 12:04:48 +0800
Subject: [PATCH] agent: do not follow link when mounting container proc and sysfs

Attackers might use it to explore other containers in the same pod. While it is still safe to allow it, we can just close the race window like runc does.

Fixes: #885
Signed-off-by: Peng Tao
---
 src/agent/rustjail/src/mount.rs | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/agent/rustjail/src/mount.rs b/src/agent/rustjail/src/mount.rs
index 4256a9832..b45ca97ce 100644
--- a/src/agent/rustjail/src/mount.rs
+++ b/src/agent/rustjail/src/mount.rs
@@ -205,6 +205,21 @@ pub fn init_rootfs(
                 check_proc_mount(m)?;
             }
 
+            // If the destination already exists and is not a directory, we bail
+            // out This is to avoid mounting through a symlink or similar -- which
+            // has been a "fun" attack scenario in the past.
+            if m.r#type == "proc" || m.r#type == "sysfs" {
+                if let Ok(meta) = fs::symlink_metadata(&m.destination) {
+                    if !meta.is_dir() {
+                        return Err(anyhow!(
+                            "Mount point {} must be ordinary directory: got {:?}",
+                            m.destination,
+                            meta.file_type()
+                        ));
+                    }
+                }
+            }
+
             mount_from(cfd_log, &m, &rootfs, flags, &data, "")?;
             // bind mount won't change mount options, we need remount to make mount options
             // effective.
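Review bot: The new check stats `&m.destination` on its own, while the `mount_from(cfd_log, &m, &rootfs, ...)` call right below it takes `rootfs` separately, which suggests `m.destination` is a container-relative path (e.g. `/proc`) that only becomes the real mount point once joined with `rootfs`; if so, `symlink_metadata` here inspects the agent's own `/proc` or `/sys` rather than the entry inside the container rootfs, and the symlink guard never sees the path that is actually mounted over. The lookup should be done on the joined path, e.g. `let dest = format!("{}{}", rootfs, &m.destination);` followed by `if let Ok(meta) = fs::symlink_metadata(&dest) {` (mirroring however `mount_from` builds its destination), so that a symlink placed at `<rootfs>/proc` is what gets rejected. Note also that a stat-then-mount sequence still leaves a window between the check and the mount; that is acceptable here only if nothing else can write into the rootfs during `init_rootfs`, which is worth stating in the comment. Minor: the added comment reads "we bail out This is to avoid" and is missing a full stop after "out". `init_rootfs` begins and ends outside this hunk.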