Reject symlink components in InjectEnvFile

JAORMX · claude · JAORMX · commit 7e81e1f1e027 · 2026-04-16T20:40:57.000+03:00
Last of the Inject* file-writing helpers. Same treatment as
InjectAuthorizedKeys and InjectFile: MkdirAllNoSymlink for parent
dirs, ValidateNoSymlinkLeaf for the target, O_NOFOLLOW on open.

Tests cover parent-as-symlink and leaf-as-symlink variants.

Co-Authored-By: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/hooks/hooks.go b/hooks/hooks.go
@@ -192,10 +192,13 @@ func InjectEnvFile(guestPath string, envMap map[string]string) func(string, *ima
 		if err != nil {
 			return fmt.Errorf("validate path %s: %w", guestPath, err)
 		}
-		if err := os.MkdirAll(filepath.Dir(dst), 0o755); err != nil {
+		if err := image.MkdirAllNoSymlink(rootfsPath, filepath.Dir(dst), 0o755); err != nil {
 			return fmt.Errorf("create parent dirs for %s: %w", guestPath, err)
 		}
-		if err := os.WriteFile(dst, []byte(buf.String()), 0o600); err != nil {
+		if err := image.ValidateNoSymlinkLeaf(dst); err != nil {
+			return fmt.Errorf("validate %s: %w", guestPath, err)
+		}
+		if err := writeFileNoFollow(dst, []byte(buf.String()), 0o600); err != nil {
 			return fmt.Errorf("write %s: %w", guestPath, err)
 		}
 		return nil
diff --git a/hooks/hooks_test.go b/hooks/hooks_test.go
@@ -390,6 +390,45 @@ func TestInjectEnvFile_RejectsPathTraversal(t *testing.T) {
 	assert.Contains(t, err.Error(), "path traversal")
 }
 
+func TestInjectEnvFile_RejectsSymlinkComponents(t *testing.T) {
+	t.Parallel()
+
+	t.Run("parent directory is a symlink", func(t *testing.T) {
+		t.Parallel()
+
+		rootfs := t.TempDir()
+		outside := t.TempDir()
+		stageSymlink(t, rootfs, "etc", outside)
+
+		hook := InjectEnvFile("/etc/env", map[string]string{"FOO": "bar"})
+		err := hook(rootfs, nil)
+		require.Error(t, err)
+		assert.Contains(t, err.Error(), "symlink")
+
+		_, statErr := os.Stat(filepath.Join(outside, "env"))
+		assert.True(t, os.IsNotExist(statErr), "must not write under symlink target")
+	})
+
+	t.Run("leaf is a symlink to a host file", func(t *testing.T) {
+		t.Parallel()
+
+		rootfs := t.TempDir()
+		require.NoError(t, os.MkdirAll(filepath.Join(rootfs, "etc"), 0o755))
+
+		victim := filepath.Join(t.TempDir(), "victim")
+		require.NoError(t, os.WriteFile(victim, []byte("original"), 0o600))
+		require.NoError(t, os.Symlink(victim, filepath.Join(rootfs, "etc", "env")))
+
+		hook := InjectEnvFile("/etc/env", map[string]string{"FOO": "evil"})
+		err := hook(rootfs, nil)
+		require.Error(t, err)
+
+		got, readErr := os.ReadFile(victim)
+		require.NoError(t, readErr)
+		assert.Equal(t, "original", string(got), "victim must not be overwritten")
+	})
+}
+
 // failingChown returns a ChownFunc that returns an error when the path
 // ends with the given suffix, and succeeds otherwise.
 func failingChown(pathSuffix string) ChownFunc {

Original file line number	Diff line number	Diff line change
`@@ -192,10 +192,13 @@ func InjectEnvFile(guestPath string, envMap map[string]string) func(string, *ima`
`192`	`192`	`if err != nil {`
`193`	`193`	`return fmt.Errorf("validate path %s: %w", guestPath, err)`
`194`	`194`	`}`
`195`		`- if err := os.MkdirAll(filepath.Dir(dst), 0o755); err != nil {`
	`195`	`+ if err := image.MkdirAllNoSymlink(rootfsPath, filepath.Dir(dst), 0o755); err != nil {`
`196`	`196`	`return fmt.Errorf("create parent dirs for %s: %w", guestPath, err)`
`197`	`197`	`}`
`198`		`- if err := os.WriteFile(dst, []byte(buf.String()), 0o600); err != nil {`
	`198`	`+ if err := image.ValidateNoSymlinkLeaf(dst); err != nil {`
	`199`	`+ return fmt.Errorf("validate %s: %w", guestPath, err)`
	`200`	`+ }`
	`201`	`+ if err := writeFileNoFollow(dst, []byte(buf.String()), 0o600); err != nil {`
`199`	`202`	`return fmt.Errorf("write %s: %w", guestPath, err)`
`200`	`203`	`}`
`201`	`204`	`return nil`