DGAP | 9 months ago

Great article!

I also found this open source tool for sandboxing to be useful: https://github.com/bullfrogsec/bullfrog

mstade|9 months ago

It's pretty depressing that such functionality isn't a core feature of GHA. Seems like low-hanging fruit.

cedws|9 months ago

I came across this the other day but I couldn’t really grok how it works. Does it run at a higher privilege level than the workflow or the same? Can a sophisticated enough attack just bypass it?

mdaniel|9 months ago

I spent a few seconds clicking into it before the newfound 429 responses from GitHub caused me to lose interest.

I believe a sufficiently sophisticated attacker could unwind the netfilter and DNS change, but in my experience every action that you're taking during a blind attack is one more opportunity for things to go off the rails. The increased instructions (especially ones referencing netfilter and DNS changes) also could make it harder to smuggle in via an obfuscated code change (assuming that's the attack vector).

That's a lot of words to say that this approach could be better than nothing, but one will want to weigh its gains against the onoz of having to keep its allowlist rules up to date in your supply chain landscape.

DGAP|9 months ago

Yep, and there's an opt-in to disable sudo which prevents circumvention. However, this can break some actions, especially ones deployed as Docker images. It also doesn't work with macOS.

vin10|9 months ago

Interesting project, I think I just found a way to crash the sandbox, just reported via an advisory.