Merge pull request #65751 from andyzhangx/mount-windows-fix

Automatic merge from submit-queue (batch tested with PRs 65381, 65751). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. fix smb mount security issue **What this PR does / why we need it**: fix smb mount security issue: user PowerShell Environment Variables to store user input string to prevent command line injection, the env var in PowerShell would be taken as literal values and not as executable vulnerable code, this kind of fix is common for command line injection issue (called: parameterized way) Originally use go sdk for `New-SmbGlobalMapping` is best solution, while after discussion with Windows team, go API for `New-SmbGlobalMapping` is not ready yet and the new functionality of basic win32 API [NetUseAdd](https://msdn.microsoft.com/en-us/library/windows/desktop/aa370645(v=vs.85).aspx) is not public yet, use [PowerShell with Environment Variables](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_environment_variables?view=powershell-5.1) is also their recommended way. **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes #65750 **Special notes for your reviewer**: - This is a security issue fix, no behavior change, E2E test of smb mount passes. - Original logging as `azureMount` is incorrect since this mount_windows is for mount disk & smb, it's a common feature on Windows, not specific to Azure, I will send another PR to fixing all the logging naming issue, anyway it's not related to this security issue. Let's keep this PR simple. **Release note**: ``` fix smb mount security issue ``` /sig windows /sig storage /kind bug @jessfraz /assign @jsafrane @msau42
2025-07-23 11:50:44 +00:00 · 2018-07-03 06:16:06 -07:00 · 2018-07-03 06:16:06 -07:00 · d65039c56c
commit d65039c56c
parent dc0afb24d1 27bc865cc1
1 changed files with 12 additions and 6 deletions
--- a/pkg/util/mount/mount_windows.go
+++ b/pkg/util/mount/mount_windows.go
@ -83,14 +83,20 @@ func (mounter *Mounter) Mount(source string, target string, fstype string, optio
 			return fmt.Errorf("azureMount: only cifs mount is supported now, fstype: %q, mounting source (%q), target (%q), with options (%q)", fstype, source, target, options)
 		}

-		cmdLine := fmt.Sprintf(`$User = "%s";$PWord = ConvertTo-SecureString -String "%s" -AsPlainText -Force;`+
-			`$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $PWord`,
-			options[0], options[1])
-
 		bindSource = source
-		cmdLine += fmt.Sprintf(";New-SmbGlobalMapping -RemotePath %s -Credential $Credential", source)

-		if output, err := exec.Command("powershell", "/c", cmdLine).CombinedOutput(); err != nil {
+		// use PowerShell Environment Variables to store user input string to prevent command line injection
+		// https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_environment_variables?view=powershell-5.1
+		cmdLine := fmt.Sprintf(`$PWord = ConvertTo-SecureString -String $Env:smbpassword -AsPlainText -Force` +
+			`;$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Env:smbuser, $PWord` +
+			`;New-SmbGlobalMapping -RemotePath $Env:smbremotepath -Credential $Credential`)
+
+		cmd := exec.Command("powershell", "/c", cmdLine)
+		cmd.Env = append(os.Environ(),
+			fmt.Sprintf("smbuser=%s", options[0]),
+			fmt.Sprintf("smbpassword=%s", options[1]),
+			fmt.Sprintf("smbremotepath=%s", source))
+		if output, err := cmd.CombinedOutput(); err != nil {
 			return fmt.Errorf("azureMount: SmbGlobalMapping failed: %v, only SMB mount is supported now, output: %q", err, string(output))
 		}
 	}