All Posts By

Amye Scavarda Perrin

OCI 2020 Elections and New TOB Members

By Blog

This past year proved to be another exciting year for OCI – we funded an open source security audit for runc, approved a new OCI Artifacts project, and announced OCI distribution-spec v1.0.0-rc0, bringing us closer to v1.0.0 final.

We also held another round of TOB elections, with new members kicking off a two-year term on the OCI Technical Oversight Board (TOB). The TOB is comprised of independently elected individuals who provide oversight of the technical leadership and serve as a point of appeal. Newly elected individuals include:

  • Phil Estes (IBM) [TOB Chair]
  • Wei Fu (Alibaba)
  • Jon Johnson (Google)
  • Samuel Karp (AWS)
  • Steve Lasker (Microsoft)

These newest TOB members join the following existing members, who are each in the middle of two-year terms:

  • Vincent Batts (Red Hat)
  • Michael Crosby (Docker)
  • Aleksa Sarai (SUSE)
  • Derek McGowan (Docker)

We want to say a huge thank you to all of our outgoing TOB members – Taylor Brown, Stephen Day, and Mrunal Patel – for their commitment to OCI and its growing project community. We look forward to your continued collaboration on all things container standards!

As always, we welcome contributions and feedback from the community – our continued progress depends on the support and collaboration of many!

If you’re interested in contributing to OCI, please join the OCI developer community. For those who are building products on OCI technology, we recommend joining as a member and visiting https://github.com/opencontainers for more details about releases and specifications in development.

Open Sourcing runc Security Audit

By Blog

Last last year, Cure53 performed a security audit of runc. runc is a CLI tool for spawning and running containers according to the OCI specification. 

There were two different focuses for the security audit, the first being a general security audit, and the second dedicated to manual code auditing aimed at finding implementation-related issues that can lead to security bugs. 

First, the general security audit inspected the overall code quality from a meta-level perspective. Some of the indicators taken into account encompassed test coverage, security vulnerability disclosure process, approaches to threat modeling and general code hardening measures. 

In the future, OCI will be improving its security reporting practices, as the audit noted that the project could benefit from additional incentives for reporting security issues.

Second, Cure53 describes the key aspects of the manual code audit together with manual pentesting and, since only one major issue was spotted, attests to the thoroughness of the audit and confirms the high quality of the runc project. 

The whole audit is available here

CVE-2019-19921

The race condition described in RUN-01-001 (CVE-2019-19921) is related to a more general problem with handling file paths textually, as well as assumptions made about procfs which were inaccurate and possible to work-around with some ingenuity. Aleksa Sarai (one of the maintainers of runc) has been working on solving this more general problem since June of last year, culminating in a new library called “libpathrs” which intends to solve this problem. The core idea is to use a file-descriptor based approach (combined with openat2 — a new syscall developed by Aleksa to help solve this problem which will be available in Linux 5.6) in order to resolve the core exploitable race conditions present in path lookup. An overview of this problem and further outstanding problems was given by Aleksa as a talk at Linux.conf.au 2020, and is available online

Unfortunately, this work is still a work-in-progress and is not yet ready for use within runc, and thus a temporary hotfix has been applied which disallows the core part of the procfs-based attack. It should be noted that this hotfix can be worked around by making the root of a container the volume of another container or by explicitly specifying the mountpoint of procfs inside a volume (thus, public clouds are recommended to review how much control untrusted users have over their mount configuration and should apply security policies as appropriate).