mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-07-17 01:30:44 +00:00
In confidential mode, the host is not trusted and might try to create malicious files in the guest VM. This commit changes the implementation of the CopyFile method to use pathrs, which is designed to prevent accidental writes to locations outside the shared directory (/run/kata-containers/shared/containers). It also adds a detailed description of what the method does, and test cases for intended and malicious use cases. This was originally considered as a mitigation candidate for https://github.com/kata-containers/kata-containers/security/advisories/GHSA-q49m-57vm-c8cc, but we decided to go with the simpler change to address the immediate risk. It's still desirable to lock down CopyFile writes for defense in depth, thus the resubmission outside the GHSA. Signed-off-by: Markus Rudy <mr@edgeless.systems>