
Dependency confusion attack from looking for manifest in docker.io first

Open DrewDevereux opened this issue 1 year ago • 2 comments

This block of code assumes that any image name with only one slash in it cannot possibly be a fully qualified image name, and therefore prepends docker.io/ to the name.

Thus, if I specify a Dockerfile with

FROM artefact.example.com/my_image:1.2.3

then this CLI first looks for a manifest at docker.io/artefact.example.com/my_image:1.2.3.

This concerns me. It feels like an invitation to a dependency confusion attack. Someone could create an "artefact.example.com" organization on docker.io, publish a malicious image named "my_image:1.2.3", and this CLI would pull that instead of what I specified.

DrewDevereux, Apr 25 '24 12:04

@joshspicer Do you know if there is a specific way to detect if the first segment is a hostname?

We recently used the heuristic of checking if the first segment has a dot or is 'localhost' to detect this. That might be better than the code referred to here: https://github.com/devcontainers/cli/blob/be1f2034e10395f42843ebf26600a42e11e66531/src/spec-node/containerFeatures.ts#L449

chrmarti, May 08 '24 08:05

I did a quick scan of the moby repo and found this, which seems to also be using the segment and dot trick: https://github.com/moby/moby/blob/4554d871d70bd055a0faa3ed595419ec4dc50406/registry/search.go#L145-L155

joshspicer, May 08 '24 16:05
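
The heuristic discussed in this thread (the first segment is a registry host if it contains a dot or is 'localhost'), as an added example that is not code from devcontainers/cli or moby. The extra check for a port colon, all function names and the sample Dockerfile are assumptions made here, and `naiveQualify` is a simplified model of the behaviour the issue describes.

```typescript
const DEFAULT_REGISTRY = 'docker.io';

// Constructed sample input; only the first FROM line appears in the issue.
const SAMPLE_DOCKERFILE = `
FROM artefact.example.com/my_image:1.2.3 AS base
FROM --platform=linux/amd64 localhost:5000/tools:latest AS tools
FROM myorg/app:2.0
FROM ubuntu:22.04
`;

// Simplified model of the behaviour the issue describes: a name with at most
// one slash is assumed to be unqualified and gets docker.io/ prepended.
function naiveQualify(ref: string): string {
  return ref.split('/').length <= 2 ? DEFAULT_REGISTRY + '/' + ref : ref;
}

// Heuristic from the thread: the first segment is a registry host when it
// contains a dot or is 'localhost'. The ':' (port) check is an assumption
// added here so that hosts such as 'registry:5000' are also recognised.
function firstSegmentIsRegistry(ref: string): boolean {
  const slash = ref.indexOf('/');
  if (slash === -1) { return false; } // bare name such as 'ubuntu:22.04'
  const first = ref.slice(0, slash);
  return first === 'localhost' || first.indexOf('.') !== -1 || first.indexOf(':') !== -1;
}

// Prepend the default registry only when no registry host was given.
// (Docker's 'library/' prefix for official images is not modelled.)
function qualify(ref: string): string {
  return firstSegmentIsRegistry(ref) ? ref : DEFAULT_REGISTRY + '/' + ref;
}

// Extract the image reference from each FROM line, skipping --flags.
function fromRefs(dockerfile: string): string[] {
  return dockerfile.split('\n')
    .map(line => line.trim().match(/^FROM\s+(?:--\S+\s+)*(\S+)/i))
    .filter((m): m is RegExpMatchArray => m !== null)
    .map(m => m[1]);
}

// Audit helper: references that name a registry host but that the naive
// rule would still look up under docker.io first.
function misrouted(refs: string[]): string[] {
  return refs.filter(r => firstSegmentIsRegistry(r) && naiveQualify(r) !== r);
}

console.log(misrouted(fromRefs(SAMPLE_DOCKERFILE)));
```

Running `misrouted` over the FROM lines of existing Dockerfiles lists the references exposed to the lookup order described in the issue.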