security: fix sandbox escape via env -i LD_PRELOAD Bypass

liqiang-fit2cloud · liqiang-fit2cloud · commit 2d17b08e6b06 · 2026-03-23T17:40:12.000+08:00
diff --git a/.github/workflows/build-and-push-python-pg.yml b/.github/workflows/build-and-push-python-pg.yml
@@ -25,7 +25,7 @@ jobs:
         run: |
           DOCKER_IMAGE=ghcr.io/1panel-dev/maxkb-base
           DOCKER_PLATFORMS=${{ github.event.inputs.architecture }}
-          TAG_NAME=python3.11-pg17.7-20260212
+          TAG_NAME=python3.11-pg17.7-20260323
           DOCKER_IMAGE_TAGS="--tag ${DOCKER_IMAGE}:${TAG_NAME}"
           echo ::set-output name=docker_image::${DOCKER_IMAGE}
           echo ::set-output name=version::${TAG_NAME}
diff --git a/apps/application/flow/backend/sandbox_shell.py b/apps/application/flow/backend/sandbox_shell.py
@@ -62,7 +62,7 @@ def execute(
         if _enable_sandbox:
             # 用 runuser 在子进程里切换用户，父进程凭据保持不变，
             # 避免父进程 ruid/euid 不一致导致 execve 报 Permission denied
-            command = f"runuser -u {_run_user} -- env -i LD_PRELOAD=/opt/maxkb-app/sandbox/lib/sandbox.so PATH=${{PATH}} {command}"
+            command = f"env -i LD_PRELOAD=/opt/maxkb-app/sandbox/lib/sandbox.so PATH=${{PATH}} gosu {_run_user} {command}"
             # command = f"runuser -u {_run_user} -- env -i PATH=${{PATH}} {command}"
 
         # print(f"Executing command in sandbox: {command}")
diff --git a/installer/Dockerfile b/installer/Dockerfile
@@ -6,7 +6,7 @@ RUN cd ui && ls -la && if [ -d "dist" ]; then exit 0; fi && \
     NODE_OPTIONS="--max-old-space-size=4096" npx concurrently "npm run build" "npm run build-chat" && \
     find . -maxdepth 1 ! -name '.' ! -name 'dist' ! -name 'public' -exec rm -rf {} +
 
-FROM ghcr.io/1panel-dev/maxkb-base:python3.11-pg17.7-20260212 AS stage-build
+FROM ghcr.io/1panel-dev/maxkb-base:python3.11-pg17.7-20260323 AS stage-build
 COPY --chmod=700 . /opt/maxkb-app
 RUN apt-get update && \
     apt-get install -y --no-install-recommends gcc g++ gettext libexpat1-dev libffi-dev && \
@@ -24,7 +24,7 @@ RUN gcc -shared -fPIC -o ${MAXKB_SANDBOX_HOME}/lib/sandbox.so /opt/maxkb-app/ins
     rm -rf /opt/maxkb-app/installer
 COPY --from=web-build --chmod=700 ui /opt/maxkb-app/ui
 
-FROM ghcr.io/1panel-dev/maxkb-base:python3.11-pg17.7-20260212
+FROM ghcr.io/1panel-dev/maxkb-base:python3.11-pg17.7-20260323
 ARG DOCKER_IMAGE_TAG=dev \
     BUILD_AT \
     GITHUB_COMMIT
diff --git a/installer/Dockerfile-base b/installer/Dockerfile-base
@@ -28,7 +28,7 @@ RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
     mkdir -p /opt/maxkb-app/sandbox/lib && chmod -R 550 /opt/maxkb-app/sandbox && \
     useradd --no-create-home --home /opt/maxkb-app/sandbox -s /usr/sbin/nologin sandbox -g root && \
     chmod g-rwx /usr/local/bin/* /usr/bin/* /bin/* /usr/sbin/* /sbin/* /usr/lib/postgresql/17/bin/* && \
-    chmod g+xr /usr/bin/ld.so /usr/local/bin/python* `which env` && \
+    chmod g+xr /usr/bin/ld.so /usr/local/bin/python* && \
     chmod -R g-rwx /tmp /var/tmp /var/lock && \
     chmod g+rx /tmp && \
     apt-get clean all && \
