esrlabs/northstar

ESR-01-001 WP1: Argument Injection to Container Start via Console (Medium)

flxo opened this issue · 1 comments

flxo commented

Console connections like this one increase the risk of containers being able to execute powerful commands like, for instance, starting a new container. For that purpose, Northstar associates a set of permissions with each container and defines them in the Manifest file. The container is able to execute the corresponding command in line with the Manifest.
As noted, the permissions include initialization of a container. Upon starting a new container via a console connection, the responsible container provides arguments to the init process used during the startup. However, it was found that these arguments did not get sanitized with regard to length. Furthermore, there are no checks to determine whether the provided arguments are also part of the Manifest or not.
The current process could be leveraged by an attacker to inject arbitrary arguments to the init process of a container, making it possible for a malicious container to override the arguments defined within the Manifest. Depending on the init process, this could have a fatal impact.
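
The missing checks described above, as an added illustration that is not Northstar's code or the fix in #781: a defensive validation of console-supplied init arguments that bounds their count and length and rejects anything the manifest does not declare. The `Manifest` type, the `validate_start_args` function and the limits are assumptions for this example.

```rust
use std::collections::HashSet;

// Assumed limits for illustration; Northstar's real bounds, if any, are not on the page.
const MAX_ARGS: usize = 32;
const MAX_ARG_LEN: usize = 1024;

#[derive(Debug, PartialEq)]
pub enum ArgError {
    TooMany(usize),
    TooLong { index: usize, len: usize },
    NotInManifest(String),
}

/// Minimal stand-in for the manifest fields this check needs (hypothetical type).
pub struct Manifest {
    pub args: Vec<String>,
}

/// Validate init arguments supplied over the console before they reach init.
/// Returns the argv to use: the manifest's own argv when none are requested,
/// otherwise the requested argv once every element is bounded and declared.
pub fn validate_start_args(manifest: &Manifest, requested: &[String]) -> Result<Vec<String>, ArgError> {
    if requested.len() > MAX_ARGS {
        return Err(ArgError::TooMany(requested.len()));
    }
    // Length check first, so an oversized argument never reaches the manifest comparison.
    if let Some((index, arg)) = requested.iter().enumerate().find(|(_, a)| a.len() > MAX_ARG_LEN) {
        return Err(ArgError::TooLong { index, len: arg.len() });
    }
    // Only arguments declared in the manifest may be used; console input cannot
    // extend or override them.
    let declared: HashSet<&str> = manifest.args.iter().map(String::as_str).collect();
    if let Some(arg) = requested.iter().find(|a| !declared.contains(a.as_str())) {
        return Err(ArgError::NotInManifest(arg.clone()));
    }
    if requested.is_empty() {
        Ok(manifest.args.clone())
    } else {
        Ok(requested.to_vec())
    }
}

fn main() {
    let manifest = Manifest { args: vec!["--config".into(), "/etc/app.toml".into()] };
    // Constructed console request that tries to point init at a different config file.
    let request = vec!["--config".to_string(), "/tmp/other.toml".to_string()];
    println!("{:?}", validate_start_args(&manifest, &request));
}
```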

flxo commented

Fixed by #781