-
Notifications
You must be signed in to change notification settings - Fork 89
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build: %files
from stage fails to copy relative symlinks
#2607
Comments
The error |
dtrudg
added a commit
to dtrudg/singularity
that referenced
this issue
May 15, 2024
In a build stage, a valid relative symlink can be created that points to a location in the rootfs that is above the location of the symlink. E.g.: /usr/mydir/mysubdir/true -> ../../../bin/true This symlink is valid in the rootfs. It resolves to `/bin/true`. If we attempt to copy `/usr/mydir` into a new build stage, then prior to this PR the symlink would cause the copy to fail. We have been using `CopyFromTar` to copy from src `<stage1>/usr/mydir`, to `<stage2>/usr/mydir`. The `CopyFromTar` routines enforce that the target of a hard link or symlink must be under dst, or a fatal error is raised to avoid a breakout attack. When copying between stages our boundary is not dst, but the top level of the destination stage's rootfs. We must allow links to be created that are above dst, but withing the stage rootfs. To resolve the issue, bring over enough code from `docker/docker/pkg/archive` that we can implement a `CopyFromTarWithRoot`, that performs the same as `CopyFromTar`, except that we can specify a destination root directory. Any hard links and symlink targets under this destination root directory are valid. Fixes sylabs#2607
dtrudg
added a commit
to dtrudg/singularity
that referenced
this issue
May 15, 2024
In a build stage, a valid relative symlink can be created that points to a location in the rootfs that is above the location of the symlink. E.g.: /usr/mydir/mysubdir/true -> ../../../bin/true This symlink is valid in the rootfs. It resolves to `/bin/true`. If we attempt to copy `/usr/mydir` into a new build stage, then prior to this PR the symlink would cause the copy to fail. We have been using `CopyFromTar` to copy from src `<stage1>/usr/mydir`, to `<stage2>/usr/mydir`. The `CopyFromTar` routines enforce that the target of a hard link or symlink must be under dst, or a fatal error is raised to avoid a breakout attack. When copying between stages our boundary is not dst, but the top level of the destination stage's rootfs. We must allow links to be created that are above dst, but withing the stage rootfs. To resolve the issue, bring over enough code from `docker/docker/pkg/archive` that we can implement a `CopyFromTarWithRoot`, that performs the same as `CopyFromTar`, except that we can specify a destination root directory. Any hard links and symlink targets under this destination root directory are valid. Fixes sylabs#2607
dtrudg
added a commit
to dtrudg/singularity
that referenced
this issue
May 15, 2024
In a build stage, a valid relative symlink can be created that points to a location in the rootfs that is above the location of the symlink. E.g.: /usr/mydir/mysubdir/true -> ../../../bin/true This symlink is valid in the rootfs. It resolves to `/bin/true`. If we attempt to copy `/usr/mydir` into a new build stage, then prior to this PR the symlink would cause the copy to fail. We have been using `CopyFromTar` to copy from src `<stage1>/usr/mydir`, to `<stage2>/usr/mydir`. The `CopyFromTar` routines enforce that the target of a hard link or symlink must be under dst, or a fatal error is raised to avoid a breakout attack. When copying between stages our boundary is not dst, but the top level of the destination stage's rootfs. We must allow links to be created that are above dst, but withing the stage rootfs. To resolve the issue, bring over enough code from `docker/docker/pkg/archive` that we can implement a `CopyFromTarWithRoot`, that performs the same as `CopyFromTar`, except that we can specify a destination root directory. Any hard links and symlink targets under this destination root directory are valid. Fixes sylabs#2607
dtrudg
added a commit
to dtrudg/singularity
that referenced
this issue
May 16, 2024
In a build stage, a valid relative symlink can be created that points to a location in the rootfs that is above the location of the symlink. E.g.: /usr/mydir/mysubdir/true -> ../../../bin/true This symlink is valid in the rootfs. It resolves to `/bin/true`. If we attempt to copy `/usr/mydir` into a new build stage, then prior to this PR the symlink would cause the copy to fail. We have been using `CopyFromTar` to copy from src `<stage1>/usr/mydir`, to `<stage2>/usr/mydir`. The `CopyFromTar` routines enforce that the target of a hard link or symlink must be under dst, or a fatal error is raised to avoid a breakout attack. When copying between stages our boundary is not dst, but the top level of the destination stage's rootfs. We must allow links to be created that are above dst, but withing the stage rootfs. To resolve the issue, bring over enough code from `docker/docker/pkg/archive` that we can implement a `CopyFromTarWithRoot`, that performs the same as `CopyFromTar`, except that we can specify a destination root directory. Any hard links and symlink targets under this destination root directory are valid. Fixes sylabs#2607
dtrudg
added a commit
to dtrudg/singularity
that referenced
this issue
May 16, 2024
In a build stage, a valid relative symlink can be created that points to a location in the rootfs that is above the location of the symlink. E.g.: /usr/mydir/mysubdir/true -> ../../../bin/true This symlink is valid in the rootfs. It resolves to `/bin/true`. If we attempt to copy `/usr/mydir` into a new build stage, then prior to this PR the symlink would cause the copy to fail. We have been using `CopyFromTar` to copy from src `<stage1>/usr/mydir`, to `<stage2>/usr/mydir`. The `CopyFromTar` routines enforce that the target of a hard link or symlink must be under dst, or a fatal error is raised to avoid a breakout attack. When copying between stages our boundary is not dst, but the top level of the destination stage's rootfs. We must allow links to be created that are above dst, but within the stage rootfs. To resolve the issue, bring over enough code from `docker/docker/pkg/archive` that we can implement a `CopyFromTarWithRoot`, that performs the same as `CopyFromTar`, except that we can specify a destination root directory. Any hard links and symlink targets under this destination root directory are valid. Fixes sylabs#2607
dtrudg
added a commit
to dtrudg/singularity
that referenced
this issue
May 16, 2024
In a build stage, a valid relative symlink can be created that points to a location in the rootfs that is above the location of the symlink. E.g.: /usr/mydir/mysubdir/true -> ../../../bin/true This symlink is valid in the rootfs. It resolves to `/bin/true`. If we attempt to copy `/usr/mydir` into a new build stage, then prior to this PR the symlink would cause the copy to fail. We have been using `CopyFromTar` to copy from src `<stage1>/usr/mydir`, to `<stage2>/usr/mydir`. The `CopyFromTar` routines enforce that the target of a hard link or symlink must be under dst, or a fatal error is raised to avoid a breakout attack. When copying between stages our boundary is not dst, but the top level of the destination stage's rootfs. We must allow links to be created that are above dst, but within the stage rootfs. To resolve the issue, bring over enough code from `docker/docker/pkg/archive` that we can implement a `CopyFromTarWithRoot`, that performs the same as `CopyFromTar`, except that we can specify a destination root directory. Any hard links and symlink targets under this destination root directory are valid. Fixes sylabs#2607
dtrudg
added a commit
to dtrudg/singularity
that referenced
this issue
May 16, 2024
In a build stage, a valid relative symlink can be created that points to a location in the rootfs that is above the location of the symlink. E.g.: /usr/mydir/mysubdir/true -> ../../../bin/true This symlink is valid in the rootfs. It resolves to `/bin/true`. If we attempt to copy `/usr/mydir` into a new build stage, then prior to this PR the symlink would cause the copy to fail. We have been using `CopyFromTar` to copy from src `<stage1>/usr/mydir`, to `<stage2>/usr/mydir`. The `CopyFromTar` routines enforce that the target of a hard link or symlink must be under dst, or a fatal error is raised to avoid a breakout attack. When copying between stages our boundary is not dst, but the top level of the destination stage's rootfs. We must allow links to be created that are above dst, but within the stage rootfs. To resolve the issue, bring over enough code from `docker/docker/pkg/archive` that we can implement a `CopyFromTarWithRoot`, that performs the same as `CopyFromTar`, except that we can specify a destination root directory. Any hard links and symlink targets under this destination root directory are valid. Fixes sylabs#2607
dtrudg
added a commit
to dtrudg/singularity
that referenced
this issue
May 16, 2024
In a build stage, a valid relative symlink can be created that points to a location in the rootfs that is above the location of the symlink. E.g.: /usr/mydir/mysubdir/true -> ../../../bin/true This symlink is valid in the rootfs. It resolves to `/bin/true`. If we attempt to copy `/usr/mydir` into a new build stage, then prior to this PR the symlink would cause the copy to fail. We have been using `CopyFromTar` to copy from src `<stage1>/usr/mydir`, to `<stage2>/usr/mydir`. The `CopyFromTar` routines enforce that the target of a hard link or symlink must be under dst, or a fatal error is raised to avoid a breakout attack. When copying between stages our boundary is not dst, but the top level of the destination stage's rootfs. We must allow links to be created that are above dst, but within the stage rootfs. To resolve the issue, bring over enough code from `docker/docker/pkg/archive` that we can implement a `CopyFromTarWithRoot`, that performs the same as `CopyFromTar`, except that we can specify a destination root directory. Any hard links and symlink targets under this destination root directory are valid. Fixes sylabs#2607
dtrudg
added a commit
to dtrudg/singularity
that referenced
this issue
May 16, 2024
In a build stage, a valid relative symlink can be created that points to a location in the rootfs that is above the location of the symlink. E.g.: /usr/mydir/mysubdir/true -> ../../../bin/true This symlink is valid in the rootfs. It resolves to `/bin/true`. If we attempt to copy `/usr/mydir` into a new build stage, then prior to this PR the symlink would cause the copy to fail. We have been using `CopyFromTar` to copy from src `<stage1>/usr/mydir`, to `<stage2>/usr/mydir`. The `CopyFromTar` routines enforce that the target of a hard link or symlink must be under dst, or a fatal error is raised to avoid a breakout attack. When copying between stages our boundary is not dst, but the top level of the destination stage's rootfs. We must allow links to be created that are above dst, but within the stage rootfs. To resolve the issue, bring over enough code from `docker/docker/pkg/archive` that we can implement a `CopyFromTarWithRoot`, that performs the same as `CopyFromTar`, except that we can specify a destination root directory. Any hard links and symlink targets under this destination root directory are valid. Fixes sylabs#2607
dtrudg
added a commit
to dtrudg/singularity
that referenced
this issue
May 16, 2024
In a build stage, a valid relative symlink can be created that points to a location in the rootfs that is above the location of the symlink. E.g.: /usr/mydir/mysubdir/true -> ../../../bin/true This symlink is valid in the rootfs. It resolves to `/bin/true`. If we attempt to copy `/usr/mydir` into a new build stage, then prior to this PR the symlink would cause the copy to fail. We have been using `CopyFromTar` to copy from src `<stage1>/usr/mydir`, to `<stage2>/usr/mydir`. The `CopyFromTar` routines enforce that the target of a hard link or symlink must be under dst, or a fatal error is raised to avoid a breakout attack. When copying between stages our boundary is not dst, but the top level of the destination stage's rootfs. We must allow links to be created that are above dst, but within the stage rootfs. To resolve the issue, bring over enough code from `docker/docker/pkg/archive` that we can implement a `CopyFromTarWithRoot`, that performs the same as `CopyFromTar`, except that we can specify a destination root directory. Any hard links and symlink targets under this destination root directory are valid. Fixes sylabs#2607
cyanezstange
pushed a commit
to cyanezstange/singularity
that referenced
this issue
Jun 4, 2024
In a build stage, a valid relative symlink can be created that points to a location in the rootfs that is above the location of the symlink. E.g.: /usr/mydir/mysubdir/true -> ../../../bin/true This symlink is valid in the rootfs. It resolves to `/bin/true`. If we attempt to copy `/usr/mydir` into a new build stage, then prior to this PR the symlink would cause the copy to fail. We have been using `CopyFromTar` to copy from src `<stage1>/usr/mydir`, to `<stage2>/usr/mydir`. The `CopyFromTar` routines enforce that the target of a hard link or symlink must be under dst, or a fatal error is raised to avoid a breakout attack. When copying between stages our boundary is not dst, but the top level of the destination stage's rootfs. We must allow links to be created that are above dst, but within the stage rootfs. To resolve the issue, bring over enough code from `docker/docker/pkg/archive` that we can implement a `CopyFromTarWithRoot`, that performs the same as `CopyFromTar`, except that we can specify a destination root directory. Any hard links and symlink targets under this destination root directory are valid. Fixes sylabs#2607
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Version of Singularity
main
Describe the bug
The following definition file fails to build:
The text was updated successfully, but these errors were encountered: