COPY and RUN commands have full access to the filesystem

[patrickschur]

Actual behavior
If you build an image with Kaniko each COPY and RUN command has full acccess to the filesystem (even to files outside of the workspace). A (malicious) Dockerfile can be used to read, write or modify arbitrary files on the filesystem. E.g. you can read the credentials from /kaniko/.docker/config.json or modify other files to change the behaviour of subsequent builds (in case you build multiple images like we do).

Expected behavior
Builds should only have access to files inside /workspace and the extracted filesystem and not /kaniko or other directories part of Kaniko. Would be possible to extract the filesystem and execute each command in a temporary directory instead of using the root directory? If it's not possible can we then introduce a new flag like --chroot to build the image inside of a temporary directory? Of course this would require the sys_chroot capability.

To Reproduce

1. Create a Dockerfile called Dockerfile.1:

FROM gcr.io/kaniko-project/executor:v1.8.1-debug

# Replace the ls command with our own implementation
RUN rm -f /busybox/ls && echo -e "#!/bin/sh\necho not ls" > /busybox/ls && chmod +x /busybox/ls

2. Create another Dockerfile called Dockerfile.2:

FROM gcr.io/kaniko-project/executor:v1.8.1-debug

# I would expect this to fail with an error message like 
# "There is no such file or directory called /kaniko/.docker/config.json"
# and ls should list all files in the current directory
RUN cat /kaniko/.docker/config.json && ls

3. Run Kaniko via:

docker run -it --rm \
  -v $(pwd):/workspace \
  -v $HOME/.docker/config.json:/kaniko/.docker/config.json:ro \
  --entrypoint sh gcr.io/kaniko-project/executor:v1.8.1-debug

4. Build Dockerfile.1:

executor --dockerfile Dockerfile.1 -d example --no-push --cleanup

5. Build Dockerfile.2.

executor --dockerfile Dockerfile.2 -d example --no-push --cleanup

Output of the second build log:

INFO[0000] Retrieving image manifest gcr.io/kaniko-project/executor:v1.8.1-debug
INFO[0000] Retrieving image gcr.io/kaniko-project/executor:v1.8.1-debug from registry gcr.io
INFO[0001] Built cross stage deps: map[]
INFO[0001] Retrieving image manifest gcr.io/kaniko-project/executor:v1.8.1-debug
INFO[0001] Returning cached image manifest
INFO[0001] Executing 0 build triggers
INFO[0001] Unpacking rootfs as cmd RUN cat /kaniko/.docker/config.json && ls requires it.
INFO[0009] RUN cat /kaniko/.docker/config.json && ls
INFO[0009] Taking snapshot of full filesystem...
INFO[0009] cmd: /bin/sh
INFO[0009] args: [-c cat /kaniko/.docker/config.json && ls]
INFO[0009] Running: [/bin/sh -c cat /kaniko/.docker/config.json && ls]
{"auths":{}}
not ls
INFO[0009] Taking snapshot of full filesystem...
INFO[0009] No files were changed, appending empty layer to config. No layer added to image.
INFO[0009] Deleting filesystem...
INFO[0009] Skipping push to container registry due to --no-push flag

As you can see Kaniko prints the credentials and the ls command was replaced with our own implementation which should not happen.

Description	Yes/No
Please check if this a new feature you are proposing
Please check if the build works in docker but not in kaniko
Please check if this error is seen when you use --cache flag
Please check if your dockerfile is a multistage dockerfile