[BUG] Windows containers on AKS: 8dot3name short filenames resolved
Describe
In AKS v1.23.5 windows containers with containerd containerd://1.6.8+azure, 8dot3name short filenames are resolved.
This is a potential security issue and is unexpected.
To Reproduce
Steps to reproduce the behavior:
Run a test container:

```
kubectl run -it pwshtestcnt7 --image mcr.microsoft.com/dotnet/framework/aspnet:4.8-windowsservercore-ltsc2019
```

In the test container, run dir /x /a and dir C:\Windows\Server~1.xml

```
PS C:\> cd Windows
PS C:\Windows> cmd
Microsoft Windows [Version 10.0.17763.3406]
(c) 2018 Microsoft Corporation. All rights reserved.

C:\Windows>dir /x /a
...
C:\Windows>dir Server~1.xml
 Volume in drive C has no label.
 Volume Serial Number is D218-B724

 Directory of C:\Windows

09/15/2018  07:09 AM            30,874 ServerDataCenterCor.xml
               1 File(s)         30,874 bytes
               0 Dir(s)  21,224,124,416 bytes free
```

This is reproduced with a number of images in AKS, and is also reproduced in docker-ce on a windows server 2019 vm with docker-ce running with default config.
Expected behavior
The expected behavior is that no file is found when testing 8dot3name short filenames:
```
C:\Windows>dir Server~1.xml
 Volume in drive C has no label.
 Volume Serial Number is 4012-499C

 Directory of C:\Windows

File Not Found
```

The expected behavior - file not found - can be reproduced when running docker-ce on a windows 2019 vm with the docker root dir set to a data drive (not windows drive).
Screenshots
None
Environment (please complete the following information):
- CLI Version v1.25.2
- Kubernetes version v1.23.5
Additional context
This issue can cause a file presence disclosure vulnerability that is present in IIS and widely documented:
- Tenable web application scanner PLUGIN ID 112442
- https://soroush.secproject.com/blog/2012/06/microsoft-iis-tilde-character-vulnerabilityfeature-short-filefolder-name-disclosure/
There is more testing on this issue, shared below.
- Test into the 1.23.5 AKS with the below images. Runtime is containerd.
- mcr.microsoft.com/dotnet/framework/aspnet:4.8-windowsservercore-ltsc2019 -> There is the 8dot3 name issue.
- mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2019 -> There is no 8dot3 name issue.
- Test into the 1.22.6 AKS with the image 'mcr.microsoft.com/dotnet/framework/aspnet:4.8-windowsservercore-ltsc2019'. Runtime is dockerd. -> There is the 8dot3 name issue.
By default, the 8dot3 name creation is disabled on C: in AKS.
- Test into the VM. OS is ‘Windows Server 2019 Datacenter’. The container image is 'mcr.microsoft.com/dotnet/framework/aspnet:4.8-windowsservercore-ltsc2019'. Runtime is Docker CE. Docker Root Dir is default setting 'C:\ProgramData\docker'. By default, the 8dot3 name creation is disabled on C: in the VM. -> There is the 8dot3 name issue.
- Test into the same VM and use the same container image. Runtime is Docker CE. However change the Docker Root Dir to 'E:\docker' or 'C:'. -> There is no 8dot3 name issue.
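
Added example, not part of the original issue or any project's code: a PowerShell audit that lists the 8.3 aliases actually present in a directory, since the tests above show short names resolving even where 8dot3 name creation is reported as disabled on C:. The function name `Get-ShortNameAlias` and the `C:\inetpub\wwwroot` path are assumptions, and the script relies on the `Scripting.FileSystemObject` COM object being available in the image.

```powershell
# Added example (not from the issue): list files and folders that still carry
# an 8.3 alias, regardless of what the volume's 8dot3 creation setting reports.
function Get-ShortNameAlias {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,   # directory to audit
        [switch]$Recurse
    )
    # Scripting.FileSystemObject exposes the short name of an existing item.
    # Assumption: this COM object is registered in the container image.
    $fso = New-Object -ComObject Scripting.FileSystemObject
    Get-ChildItem -LiteralPath $Path -Force -Recurse:$Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            try {
                $short = if ($_.PSIsContainer) {
                    $fso.GetFolder($_.FullName).ShortName
                } else {
                    $fso.GetFile($_.FullName).ShortName
                }
            } catch { return }   # access denied or path too long: skip this item
            # ShortName echoes the long name when the item has no separate alias.
            if ($short -and $short -ne $_.Name) {
                [pscustomobject]@{
                    Directory = Split-Path -Parent $_.FullName
                    LongName  = $_.Name
                    ShortName = $short
                }
            }
        }
}

# 1. What the volume and the registry report about 8dot3 name creation.
fsutil 8dot3name query C:

# 2. What is actually on disk. C:\Windows is the directory used in the report;
#    C:\inetpub\wwwroot is an assumed web root, skipped silently if absent.
$aliases  = @(Get-ShortNameAlias -Path 'C:\Windows')
$aliases += @(Get-ShortNameAlias -Path 'C:\inetpub\wwwroot' -Recurse)
$aliases | Sort-Object Directory, LongName | Format-Table -AutoSize
"{0} item(s) resolve through an 8.3 alias" -f $aliases.Count
```

A non-zero count alongside a "disabled" result from `fsutil` matches the behavior reported in this issue: the setting governs creation of new short names, not aliases already stored with existing files.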
This issue has been open for 30 days with no updates. , please provide an update or close this issue.
This issue has been open for 30 days with no updates. @akarshm, please provide an update or close this issue.
This issue has been open for 30 days with no updates. @mthalman, please provide an update or close this issue.
@mthalman Any updates you can share?
This should not have been assigned to me. This is not specific to the .NET container images (my team) as they do not define this behavior. This functionality is derived from the base Windows images.
@mthalman Thanks for clarifying, I'll get it assigned to the right people.
@Spencer-z Do you see this Issue occurring with just dotnet server core 2019 or also dotnet server core 2022?
Behavior is determined by the host filesystem. I'll try to repro to check if behavior is consistent for 2022.
This issue has been open for 30 days with no updates. no assignees, please provide an update or close this issue.
We're still working on this Issue!