-
Notifications
You must be signed in to change notification settings - Fork 92
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security considerations of pull_request_target github action workflows #2214
Comments
yes, executing untrusted code in the context of the project repo is just a large attack vector. there are ways to siphon secrets from those runs through various means that are hard to spot in a review (like string extrapolation). see here We use one risky practice (pull_request_target) as a remedy for another insecure practice (operating self-hosted runners on a public repo) I don't think there is an easy way out. We do want to run untrusted code on-hosted-runners, we cannot harden this 100%, we can only replace problem X with problem Y. I think we can cordon off problem Y to areas where problem X exists, and try to find more remedies for Y. Currently we extend problem Y to places where we do not have problem X (no private runners). Mostly for architectural reasons to keep things DRY. I'd argue we should architect the pipelines security-first and then consolidate what's possible with the less-secure workflows. That would imply, if I'm not missing something, that a random user is able to open a PR and this PR is running github-hosted e2e tests without any privileges required.
I would say the merged code we do trust - or I wouldn't know what else to trust. The crux of |
There are reports about recent supply-chain attacks that use pull_request_target as an entry vector to comprise an open source project's binaries in ways that are very hard to prevent or even detect.
There is clear advice against using foreign, untrusted code in a pull_request_target workflow that is running with the privileges and secrets of the project's repo. Our CI use case makes it hard to consider this advice, we want/have to run foreign code on private runners for architectures (s390x atm, maybe more later) not covered in github-hosted runners.
However, we can maybe carefully quarantine those s390x jobs into simple and heavily scrutinized workflows that will run in a pull_request_target context.
The amd64 jobs that we run on a PR should not require special privileges, they should be able to run in the context of the PR opener's fork. At the moment this is not possible:
PodVM
artifacts are passed around as OCI images. you need write access to a registry for that, but I suspect that's an implementation detail that can be reworked to use the GH action artifact store.
CAA Image
that's harder. since we need an actual OCI image to launch as daemonset. maybe we can use a k8s-hosted registry. problem: the test provisioner code wants to create the cluster and deploy CAA. the installation of the registry and the pushing of the CAA daemonset image would have to be somehow injected between both.
The text was updated successfully, but these errors were encountered: