Helm local code execution via a malicious chart

(github.com)

171 points irke882 | 1 comments | 09 Jul 25 05:49 UTC | HN request time: 1.406s | source

Show context

yelirekim ◴[09 Jul 25 07:03 UTC] No.44507070[source]▶

The original vulnerability description is not worded very well, here's my understanding of what's going on:

1. Attacker crafts a malicious Chart.yaml containing arbitrary code

2. Replaces Chart.lock with a symlink pointing to a sensitive file (like .bashrc or other startup scripts)

3. When you run helm dependency update, Helm processes the malicious Chart.yaml and writes the payload to whatever file the symlink targets

4. Code executes when the targeted file is next used (e.g., opening a new shell)

Why This Works: Helm follows the symlink during the dependency update process without validating the target, allowing arbitrary file writes outside the intended chart directory.

replies(3): >>44507344 #>>44507626 #>>44508238 #

heisenbit ◴[09 Jul 25 07:57 UTC] No.44507344[source]▶

>>44507070 #

Can anyone explain in what setup an attacker who can create a symlink where Chart.lock was could not directly write .bashrc or similar? Is this related to how Git handles symlinks?

replies(3): >>44507386 #>>44508788 #>>44508988 #

1. yelirekim ◴[09 Jul 25 08:04 UTC] No.44507386[source]▶

>>44507344 #

Helm is a program that allows users to creates packages which other users consume. Those packages contain files that are normally generated by Helm itself, but apparently if you alter your package definition by hand you can replace Chart.lock with a symlink.

As I'm typing this it's occurring to me that you probably shouldn't be able to do that. The fix they applied was to prevent the actual write from occurring when trying to write the lockfile and determining that the lockfile is a symlink. They could (should?) also validate that like, the package itself hasn't been screwed with in this manner.

↑