Podman Build Context Information Disclosure Vulnerability

Vulnerability

A vulnerability exists in Podman where data written to RUN --mount=type=bind mounts during the build process is not properly discarded. This flaw can result in files created within the container being accessible in the temporary build context directory on the host. The issue arises when an unprivileged user has access to the host during the build, the container build includes long-running steps that delay the removal of the build context, and files are created with overly permissive permissions.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive files temporarily present in the build context, especially if those files have been assigned permissive permissions allowing read or write access.

Reproduction

To reproduce this vulnerability, initiate a Podman build using a Containerfile that includes a RUN command with a bind mount. Incorporate a long-running step, such as a sleep command, which keeps the build context active, and set the permissions of the created file to 4777. During the build, an unprivileged user on the host can access the exposed file before the build context is cleared.

Remediation

Avoid long-running build steps and use RUN --mount=type=secret for sensitive data instead of bind mounts.
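As an added example (not part of the advisory or the Podman project), the following Python linter flags the risky RUN pattern described in the reproduction section, a bind mount combined with a permissive chmod or a long-running step, and passes the remediated form that mounts sensitive data with --mount=type=secret. The two embedded Containerfiles are constructed samples; the image, script names and secret id are assumptions.

```python
import re
MOUNT_RE = re.compile(r"--mount=(\S+)")
CHMOD_RE = re.compile(r"\bchmod\s+(?:-\S+\s+)*([0-7]{3,4})\b")
SLEEP_RE = re.compile(r"\bsleep\s+\d+")

def _instructions(text):
    """Yield (first line number, instruction) with backslash continuations folded."""
    buf, start = [], 0
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        if raw.rstrip().endswith("\\"):
            buf.append(raw.rstrip()[:-1])
            continue
        yield start, " ".join(s.strip() for s in buf + [raw])
        buf, start = [], 0

def audit_containerfile(text):
    """Return [(line, code, message)] for RUN steps that match the risky pattern."""
    findings = []
    for line, ins in _instructions(text):
        if not ins.upper().startswith("RUN "):
            continue
        mounts = [dict(kv.partition("=")[::2] for kv in m.split(","))
                  for m in MOUNT_RE.findall(ins)]
        if not any(m.get("type") == "bind" for m in mounts):
            continue  # only bind mounts expose the host build context directory
        findings.append((line, "BIND_MOUNT", "data written to a bind mount may persist "
                         "in the host build context; use --mount=type=secret for secrets"))
        for mode in CHMOD_RE.findall(ins):
            if int(mode, 8) & 0o6006:  # other-read/other-write or setuid/setgid bits
                findings.append((line, "PERMISSIVE_MODE", f"chmod {mode} grants other users access"))
        if SLEEP_RE.search(ins):
            findings.append((line, "LONG_RUNNING", "long step delays removal of the build context"))
    return findings

# Constructed sample Containerfiles (not from the advisory): weak pattern vs. remediated form
WEAK = """\
FROM docker.io/library/alpine:3.20
RUN --mount=type=bind,source=.,target=/ctx \\
    /ctx/build.sh > /ctx/artifact.bin && \\
    chmod 4777 /ctx/artifact.bin && \\
    sleep 600
"""
HARDENED = """\
FROM docker.io/library/alpine:3.20
# build with: podman build --secret id=db_password,src=./db_password.txt -t app .
COPY configure.sh /configure.sh
RUN --mount=type=secret,id=db_password \\
    /configure.sh "$(cat /run/secrets/db_password)"
"""
```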

Added: Sep 16, 2025, 3:41 PM
Updated: Sep 16, 2025, 3:41 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 3.3
exploitability: 4.2
remediation: 7.9
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.