Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Removed allow_other vulnerability preventing google-batch submissions #4332

Merged
merged 3 commits into from
Sep 21, 2023
Merged

Removed allow_other vulnerability preventing google-batch submissions #4332

merged 3 commits into from
Sep 21, 2023

Conversation

baprice
Copy link
Contributor

@baprice baprice commented Sep 21, 2023

Fixes #4331

-o allow_other as a gcsfuse option creates a potential shell injection vulnerability.

As a result, current process.executor = google-batch submissions are being rejected with the error:

ERROR ~ Error executing process > 'splitLetters'

Caused by:
  INVALID_ARGUMENT: volume.mount_options field is invalid. mount_option -o rw,allow_other has potential shell injection, please check again.


 -- Check '.nextflow.log' file for details

Removing allow_other corrects this.

@netlify
Copy link

netlify bot commented Sep 21, 2023
edited
Loading

Deploy Preview for nextflow-docs-staging canceled.

Name Link
🔨 Latest commit b84ce68
🔍 Latest deploy log https://app.netlify.com/sites/nextflow-docs-staging/deploys/650ca636d165210008472bd3

pditommaso
pditommaso requested changes Sep 21, 2023
View reviewed changes
Copy link
Member

@pditommaso pditommaso left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this patch. However the corresponding test should be fixed as well

@baprice baprice requested a review from pditommaso September 21, 2023 21:01
pditommaso
pditommaso approved these changes Sep 21, 2023
View reviewed changes
Copy link
Member

@pditommaso pditommaso left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All green! Thanks for submitting this patch

@pditommaso pditommaso merged commit 9b3741e into nextflow-io:master Sep 21, 2023
@baprice baprice deleted the mountOption_fix branch September 21, 2023 21:10
pditommaso pushed a commit that referenced this pull request Sep 25, 2023
@baprice @pditommaso
Fix allow_other vulnerability preventing google-batch submissions (#4332
4895d54 
)
abhi18av pushed a commit to abhi18av/nextflow that referenced this pull request Oct 28, 2023
@baprice @abhi18av
Fix allow_other vulnerability preventing google-batch submissions (ne…
caae8df 
…xtflow-io#4332)
@JohnWalshTempus JohnWalshTempus mentioned this pull request Apr 4, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pditommaso pditommaso pditommaso approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Google Batch submissions being rejected due to mount_option vulnerability
2 participants
@baprice @pditommaso