Buildah: buildah allows arbitrary directory mount
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
Affected products
- *
- <1.38.0
- *
- *
- *
- *
- *
Matching in nixpkgs
pkgs.cri-o
Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface
pkgs.conmon
OCI container runtime monitor
pkgs.podman
Program for managing pods, containers and container images
pkgs.skopeo
Command line utility for various operations on container images and image repositories
pkgs.buildah
Tool which facilitates building OCI images
pkgs.conmon-rs
OCI container runtime monitor written in Rust
pkgs.podman-tui
Podman Terminal UI
pkgs.podman-compose
Implementation of docker-compose with podman backend
pkgs.podman-desktop
A graphical tool for developing on containers and Kubernetes
pkgs.cri-o-unwrapped
Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface
pkgs.buildah-unwrapped
Tool which facilitates building OCI images
pkgs.nomad-driver-podman
Podman task driver for Nomad
pkgs.python311Packages.podman
Python bindings for Podman's RESTful API
Package maintainers
-
@saschagrunert Sascha Grunert <mail@saschagrunert.de>
-
@vdemeester Vincent Demeester <vincent@sbr.pm>
-
@cpcloud Phillip Cloud
-
@sikmir Nikolay Korotkiy <sikmir@disroot.org>
-
@booxter Ihar Hrachyshka <ihar.hrachyshka@gmail.com>
-
@panda2134 panda2134 <me+nixpkgs@panda2134.site>
-
@aaronjheng Aaron Jheng <wentworth@outlook.com>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
-
@developer-guy Batuhan Apaydın <developerguyn@gmail.com>
-
@nlewo Antoine Eiche <lewo@abesis.fr>