
fix: Security hardening follow-ups and 0.3.0 changelog #145

Merged: nfebe merged 3 commits into main from fix/security-followups-and-changelog on Jun 8, 2026

Conversation

nfebe (Contributor) commented Jun 8, 2026

Follow-ups that landed after #142 was merged:

nfebe added 3 commits June 8, 2026 02:23
The recursive ownership pass runs as root after every deployment start,
over content the container wrote, and followed symlinks. A container
could plant a link in its bind mount and have any host file chowned to
the container user on the next start. Links are now changed themselves
and their targets left untouched.

Closes #143
Alphanumeric secret characters were drawn with a modulo over the random
byte, slightly favoring the first characters of the set. Each character
is now drawn uniformly.

Closes #144
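As an added example, not code from this PR or the project, the modulo draw the second commit describes is placed beside a uniform draw using crypto/rand's Int (the call the review summary names). The 62-character alphabet is an assumption; the project's actual set is not shown on this page.

```go
package main

import (
	cryptoRand "crypto/rand"
	"fmt"
	"math/big"
)

// alphabet is an assumed 62-character alphanumeric set; the PR page does
// not show the project's actual set.
const alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

// biasedIndex is the modulo draw the commit replaces: one random byte mod 62.
// Since 256 = 4*62 + 8, the first eight positions are reachable from five
// byte values each and the other 54 from only four.
func biasedIndex(b byte) int {
	return int(b) % len(alphabet)
}

// moduloHistogram counts, for every alphabet position, how many of the 256
// byte values biasedIndex maps onto it. Unequal counts are the bias.
func moduloHistogram() [len(alphabet)]int {
	var hist [len(alphabet)]int
	for v := 0; v < 256; v++ {
		hist[biasedIndex(byte(v))]++
	}
	return hist
}

// uniformSecret draws each character with crypto/rand's Int, which
// resamples internally instead of reducing mod 62, so every position is
// equally likely (the fix the commit describes).
func uniformSecret(n int) (string, error) {
	out := make([]byte, n)
	bound := big.NewInt(int64(len(alphabet)))
	for i := range out {
		idx, err := cryptoRand.Int(cryptoRand.Reader, bound)
		if err != nil {
			return "", err
		}
		out[i] = alphabet[idx.Int64()]
	}
	return string(out), nil
}

func main() {
	hist := moduloHistogram()
	fmt.Printf("modulo: %q x%d, %q x%d\n", alphabet[0], hist[0], alphabet[61], hist[61])
	s, _ := uniformSecret(32)
	fmt.Println("uniform:", s)
}
```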
sourceant (Bot) commented Jun 8, 2026

Code Review Summary

This PR focuses on security hardening and the 0.3.0 release preparations. It addresses a potential host file ownership vulnerability and ensures cryptographic uniformity in secret generation.

🚀 Key Improvements

  • Mitigated symlink attacks by switching from os.Chown to os.Lchown in internal/docker/discovery.go.
  • Eliminated modulo bias in alphanumeric secret generation by using cryptoRand.Int in internal/api/server.go.
  • Added a regression test for symlink handling during mount ownership application.

💡 Minor Suggestions

  • Consider consolidating buffer allocation in the secret generator if more encodings are planned.

sourceant (Bot) left a review comment

Review complete. No specific code suggestions were generated. See the overview comment for a summary.

@nfebe nfebe merged commit b292f7f into main Jun 8, 2026
5 checks passed
@nfebe nfebe deleted the fix/security-followups-and-changelog branch June 8, 2026 01:49


Linked issues (successfully merging this pull request may close them):

  • Generated secrets use modulo-biased alphanumeric encoding
  • Mount ownership pass follows symlinks while chowning as root
