-
Notifications
You must be signed in to change notification settings - Fork 382
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Skopeo leaks details about the host in oci-archives #1627
Comments
Example:
You can just drop the |
Thanks for your report. Moving this to c/image, where it would be fixed. Note to self: This does not refer to layer data, but to the outer archive containing the OCI image format. Compare containers/podman#14978 . |
Non-Ruby demonstration: $ tar tvvf foo.tar
drwxr-xr-x 0 $user $group 0 Aug 10 17:32 blobs/
… |
From a quick look, it currently seems possible to override the UID/GID via |
It actually applies to both, at least as far as I can tell. I just think the
Notice the
|
It probably involves the same code but it’s very unlikely to be the same fix (because container images actually have various UID/GID values that must be preserved). So, please file the build part against Buildah. |
(Also, that note to self was because I was very confused how a copy could modify layer contents, because c/image just doesn’t touch the underlying tar data when |
Ah, got it. Will file second issue. |
Bin inside of the container is UID 1? Perhaps I don't understand the leak. |
@rhatdan Let’s discuss the build case in the Buildah issue. |
…count IDs A prerequisite for fixing containers/image#1627 . Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Instead of relying on the remote server to create tar files with the right account IDs (which the remote server doesn't even know, when the client and server run under different accounts), have the remote client ignore the account IDs when unpacking. Then just hard-code 0 in the remote server, so that the remote server's account identity does not leak in the tar file contents. Compare containers/image#1627 . [NO NEW TESTS NEEDED] : #18563 suggests that existing tests already cover these code paths / properties. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
When running
the resulting /tmp/x.tar contains references to the current user. In particular
it seems that uname and gname are set to the current user and group. uid and
gid are set as well (I think they should simply be 0 since they are not
relevant on this level in the oci-archive). I don't think there is a good
reason to leak this information about the host running the skopeo-copy.
I think the same happening even with the layers inside the oci-archive when
doing podman save, but I assume root cause will be the same so I'm not filling
that separately (I can if it is desired).
The text was updated successfully, but these errors were encountered: