Summary
The template renderer in HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3, is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14.
Background
Nomad provides a job template block that creates an instance of a template renderer with a source and a destination path. This is a convenient way to ship configuration files that are populated from environment variables, Consul data, Vault secrets, or general configuration within a Nomad task. To support this feature, Nomad implements archive unpacking via the artifact block.
Details
During scheduled security testing and follow-on work, a vulnerability was identified in artifact archive unpacking: it did not validate that symlinks in the archive resolve only to paths inside the allocation directory (allocdir), so a symlink could point at an arbitrary host path that the template renderer would then read from or write to.
To protect Nomad client hosts from this attack, Nomad now reads template sources and writes template destination files in a sandboxed subprocess.
- On Linux/Unix, this subprocess is sandboxed via chroot to the allocation directory. This requires that Nomad is running as a privileged process. A non-root Nomad agent will warn that it cannot sandbox the template renderer.
- On Windows, this process is sandboxed via a Windows AppContainer which has been granted access only to the allocation directory. This does not require special privileges on Windows. (Creating symlinks in the first place can be prevented by running workloads as non-Administrator or non-ContainerAdministrator users.)
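As an added illustration of the missing validation described above, the following Go program (written for this page, not Nomad's own code) unpacks a tar stream into a destination directory and rejects any entry whose path, or whose symlink target, would resolve outside that directory. It also re-resolves the on-disk parent of every entry so that a symlink written by an earlier entry cannot be used to redirect a later one. The archive contents, the `local/` layout and the `BuildArchive`/`ExtractTar` names are constructed for the example; Nomad's actual fix is the sandboxed renderer subprocess the advisory describes, and this check is a simplified complement to it, not a substitute.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// ErrEscape is returned for any entry that would land, or point, outside the destination.
var ErrEscape = errors.New("archive entry escapes destination directory")

// Entry describes one archive member for BuildArchive (constructed test data).
type Entry struct {
	Name     string
	Type     byte   // tar.TypeReg, tar.TypeDir or tar.TypeSymlink
	Linkname string // symlink target, used for TypeSymlink
	Body     string // file contents, used for TypeReg
}

// BuildArchive serialises entries into an in-memory tar stream.
func BuildArchive(entries []Entry) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, e := range entries {
		hdr := &tar.Header{Name: e.Name, Typeflag: e.Type, Linkname: e.Linkname,
			Mode: 0o644, Size: int64(len(e.Body))}
		if e.Type == tar.TypeDir {
			hdr.Mode = 0o755
		}
		if err := tw.WriteHeader(hdr); err != nil {
			panic(err)
		}
		if e.Type == tar.TypeReg {
			if _, err := io.WriteString(tw, e.Body); err != nil {
				panic(err)
			}
		}
	}
	if err := tw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// inside reports whether p (cleaned, absolute) is root itself or somewhere below it.
func inside(root, p string) bool {
	return p == root || strings.HasPrefix(p, root+string(filepath.Separator))
}

// ExtractTar unpacks r into dst, refusing entries whose path or symlink target
// escapes dst. Hard links, devices and other entry types are rejected outright.
func ExtractTar(dst string, r io.Reader) error {
	root, err := filepath.Abs(dst)
	if err != nil {
		return err
	}
	if root, err = filepath.EvalSymlinks(root); err != nil {
		return err
	}
	tr := tar.NewReader(r)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return nil
		}
		if err != nil {
			return err
		}
		// Join cleans ".." textually; the prefix check catches anything left over.
		target := filepath.Join(root, hdr.Name)
		if !inside(root, target) {
			return fmt.Errorf("%w: %q", ErrEscape, hdr.Name)
		}
		// The parent may be a symlink written by an earlier entry: resolve it on disk.
		if err := os.MkdirAll(filepath.Dir(target), 0o755); err != nil {
			return err
		}
		parent, err := filepath.EvalSymlinks(filepath.Dir(target))
		if err != nil {
			return err
		}
		if !inside(root, parent) {
			return fmt.Errorf("%w: parent of %q resolves to %q", ErrEscape, hdr.Name, parent)
		}
		switch hdr.Typeflag {
		case tar.TypeDir:
			if err := os.MkdirAll(target, 0o755); err != nil {
				return err
			}
		case tar.TypeSymlink:
			resolved := filepath.Clean(hdr.Linkname)
			if !filepath.IsAbs(resolved) {
				resolved = filepath.Join(filepath.Dir(target), hdr.Linkname)
			}
			if !inside(root, resolved) {
				return fmt.Errorf("%w: symlink %q -> %q", ErrEscape, hdr.Name, hdr.Linkname)
			}
			if err := os.Symlink(hdr.Linkname, target); err != nil {
				return err
			}
		case tar.TypeReg:
			// Never write through an existing symlink at the target path.
			if fi, err := os.Lstat(target); err == nil && fi.Mode()&os.ModeSymlink != 0 {
				return fmt.Errorf("%w: %q is an existing symlink", ErrEscape, hdr.Name)
			}
			f, err := os.OpenFile(target, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.FileMode(hdr.Mode)&0o777)
			if err != nil {
				return err
			}
			_, err = io.Copy(f, tr)
			f.Close()
			if err != nil {
				return err
			}
		default:
			return fmt.Errorf("unsupported entry type %q for %q", hdr.Typeflag, hdr.Name)
		}
	}
}

func main() {
	dir, err := os.MkdirTemp("", "allocdir-")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	// Constructed archive: a symlink that points above the allocation directory.
	bad := BuildArchive([]Entry{{Name: "local/escape", Type: tar.TypeSymlink, Linkname: "../../../etc"}})
	fmt.Println("malicious archive:", ExtractTar(dir, bytes.NewReader(bad)))
	// Constructed archive: a config file plus a symlink that stays inside local/.
	good := BuildArchive([]Entry{
		{Name: "local/", Type: tar.TypeDir},
		{Name: "local/config.hcl", Type: tar.TypeReg, Body: "bind_addr = \"0.0.0.0\"\n"},
		{Name: "local/cfg", Type: tar.TypeSymlink, Linkname: "config.hcl"},
	})
	fmt.Println("benign archive:", ExtractTar(dir, bytes.NewReader(good)))
}
```

The first archive is refused with `ErrEscape` before anything is written; the second unpacks normally, and `local/cfg` resolves to the file beside it. The parent re-resolution step is what closes the two-stage variant (a harmless-looking symlink in one entry, a file path routed through it in the next), which a purely textual check on each entry would miss.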
Affected Products / Versions:
Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3; fixed in Nomad 1.7.4, 1.6.7, 1.5.14.
Remediation
Users should upgrade Nomad to v1.7.4, 1.6.7, or 1.5.15. Upgrading the Nomad clients is sufficient to mitigate the vulnerability, although we recommend keeping Nomad servers and clients on the same version. The mitigation can be deactivated by setting client.disable_file_sandbox=true in the Nomad client configuration.
This remediation does not protect raw_exec tasks on Windows, which have unrestricted access to the host. The Nomad team strongly recommends against allowing raw_exec tasks with untrusted workloads.
Users on Windows who are running Windows containers with the docker task driver can further protect their clients against this attack by ensuring that Docker containers do not run as the default ContainerAdministrator user, but instead run as the ContainerUser user (which cannot create symlinks).