Problem
Two security issues in secret/config materialization:
- SEC-006 (engine/volume.rs:126,200): std::env::var(env_var).unwrap_or_default() silently produces a zero-byte secret file when the env var is unset. A zero-byte secret allows unauthenticated access wherever the secret is used as a credential.
- SEC-008 (engine/staging.rs): apply_mode accepts mode: 0o777 (or any world-readable value) without validation. This downgrades a secret file to world-readable.
Fix
- Return Err(ComposeError::Unsupported(...)) when the env var is not set.
- Reject any mode where mode & 0o004 != 0 (world-readable) or mode & 0o040 != 0 (group-readable).
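A sketch of both fail-closed checks, added here as an example and not taken from the project's code. The `ComposeError` enum is a stand-in (only the `Unsupported` variant name appears above, its `String` payload is assumed), the helper names `check_secret`, `secret_from_env` and `validate_secret_mode` are hypothetical, and rejecting a set-but-empty variable goes one step beyond the fix as stated.

```rust
use std::env::{self, VarError};

// Stand-in for the project's error type (assumption): only the
// `Unsupported` variant name is given in the issue.
#[derive(Debug, PartialEq)]
pub enum ComposeError {
    Unsupported(String),
}

// Hypothetical helper: turn an env lookup result into secret content, failing closed.
pub fn check_secret(env_var: &str, looked_up: Result<String, VarError>) -> Result<String, ComposeError> {
    let fail = |why: &str| Err(ComposeError::Unsupported(format!("secret env var {} {}", env_var, why)));
    match looked_up {
        // A set-but-empty variable yields the same zero-byte file (extension of the stated fix).
        Ok(v) if v.is_empty() => fail("is empty"),
        Ok(v) => Ok(v),
        Err(VarError::NotPresent) => fail("is not set"),
        Err(VarError::NotUnicode(_)) => fail("is not valid Unicode"),
    }
}

// Replaces the std::env::var(env_var).unwrap_or_default() pattern from SEC-006.
pub fn secret_from_env(env_var: &str) -> Result<String, ComposeError> {
    check_secret(env_var, env::var(env_var))
}

// SEC-008: refuse any mode with the group-read or world-read bit set.
pub fn validate_secret_mode(mode: u32) -> Result<u32, ComposeError> {
    const GROUP_READ: u32 = 0o040;
    const WORLD_READ: u32 = 0o004;
    if mode & (GROUP_READ | WORLD_READ) != 0 {
        return Err(ComposeError::Unsupported(format!(
            "secret mode {:#o} is group- or world-readable", mode)));
    }
    Ok(mode)
}

fn main() {
    // Constructed sample modes; the variable name below is a constructed, unset name.
    for mode in &[0o400u32, 0o600, 0o640, 0o644, 0o777] {
        println!("{:#o} -> {:?}", mode, validate_secret_mode(*mode));
    }
    println!("{:?}", secret_from_env("SEC006_EXAMPLE_UNSET_VAR"));
}
```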