Skip to content

Commit b6cff01

Browse files
Mossakaclaude
andcommitted
fix(security): remove host /proc mount from chroot mode
Host /proc exposes sensitive information including environment variables of all host processes (which may contain secrets like API keys). This is an unnecessary security risk since most language runtimes work without /proc access. - Remove /proc:/host/proc:ro mount from chroot mode - Update tests to assert /proc is NOT mounted - Update documentation to remove /proc references Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
1 parent e5ecbbc commit b6cff01

5 files changed

Lines changed: 5 additions & 22 deletions

File tree

docs-site/src/content/docs/reference/security-architecture.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -318,7 +318,6 @@ A common question: "If the command runs in the host filesystem, doesn't it escap
318318
| Aspect | Impact | Mitigation |
319319
|--------|--------|------------|
320320
| **Host $HOME access** | Can read `.ssh/`, `.aws/` | Use env vars for secrets, not files |
321-
| **Host /proc visible** | Can enumerate processes | Read-only, cannot modify |
322321
| **DNS override** | Host's resolv.conf modified | Backup created, restored on exit |
323322

324323
### When to Use Chroot Mode

docs/chroot-mode.md

Lines changed: 0 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -142,7 +142,6 @@ In chroot mode, selective paths are mounted for security instead of the entire f
142142
| `/etc/ca-certificates` | `/host/etc/ca-certificates:ro` | CA certificates |
143143
| `/etc/passwd` | `/host/etc/passwd:ro` | User lookup |
144144
| `/etc/group` | `/host/etc/group:ro` | Group lookup |
145-
| `/proc` | `/host/proc:ro` | Process info (read-only) |
146145

147146
### Read-Write Mounts
148147

@@ -214,7 +213,6 @@ Linux namespaces operate independently:
214213
| Risk | Severity | Description | Mitigation |
215214
|------|----------|-------------|------------|
216215
| Host file access | HIGH | `$HOME` is read-write | CI/CD secrets should use env vars, not files |
217-
| /proc visibility | MEDIUM | Can enumerate host processes | Read-only mount, cannot modify |
218216
| DNS override | LOW | Host's `/etc/resolv.conf` temporarily modified | Backup created, restored on exit |
219217
| /dev visibility | LOW | Device nodes visible | Read-only, cannot create new devices |
220218

@@ -235,21 +233,6 @@ With chroot mode, the agent can read/write to the user's home directory:
235233
- Use short-lived tokens (`GITHUB_TOKEN` expires)
236234
- Consider what files exist on your runners
237235

238-
### Process Visibility
239-
240-
Inside the chroot, `/proc` shows host processes:
241-
242-
```bash
243-
# Inside chroot
244-
ls /proc/
245-
1 2 3 ... # Host PIDs visible
246-
247-
cat /proc/1/cmdline
248-
/sbin/init # Host's init process
249-
```
250-
251-
**Mitigation**: `/proc` is mounted read-only. Cannot modify kernel parameters or send signals to host processes.
252-
253236
### DNS Configuration
254237

255238
The container copies its DNS configuration to the host:

src/docker-manager.test.ts

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -546,7 +546,8 @@ describe('docker-manager', () => {
546546
expect(volumes).toContain('/opt:/host/opt:ro');
547547

548548
// Should include special filesystems (read-only)
549-
expect(volumes).toContain('/proc:/host/proc:ro');
549+
// NOTE: /proc is NOT mounted to prevent exposure of host process environment variables
550+
expect(volumes).not.toContain('/proc:/host/proc:ro');
550551
expect(volumes).toContain('/sys:/host/sys:ro');
551552
expect(volumes).toContain('/dev:/host/dev:ro');
552553

src/docker-manager.ts

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -419,9 +419,9 @@ export function generateDockerCompose(
419419
// /opt/hostedtoolcache contains Python, Node, Ruby, Go, Java, etc.
420420
agentVolumes.push('/opt:/host/opt:ro');
421421

422-
// Special filesystem mounts for chroot (needed for process info, devices)
422+
// Special filesystem mounts for chroot (needed for devices)
423+
// NOTE: /proc is NOT mounted to prevent exposure of host process environment variables
423424
agentVolumes.push(
424-
'/proc:/host/proc:ro', // Read-only proc for runtime info
425425
'/sys:/host/sys:ro', // Read-only sysfs
426426
'/dev:/host/dev:ro', // Read-only device nodes (needed by some runtimes)
427427
);

src/types.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -338,7 +338,7 @@ export interface WrapperConfig {
338338
* - /usr, /bin, /sbin, /lib, /lib64 - System binaries and libraries
339339
* - /opt - Tool cache (Python, Node, Ruby, Go, Java from GitHub runners)
340340
* - /etc/ssl, /etc/ca-certificates, /etc/alternatives, /etc/ld.so.cache - Runtime config
341-
* - /proc, /sys, /dev - Special filesystems for runtime info
341+
* - /sys, /dev - Special filesystems for runtime info (NOT /proc - security)
342342
*
343343
* Mounted paths (read-write):
344344
* - $HOME - User home directory for project files and Rust/Cargo

0 commit comments

Comments
 (0)