From dce0cc25ac4fab8df49995ab535e48dd958b15b1 Mon Sep 17 00:00:00 2001
From: Drew Newberry
Date: Wed, 11 Mar 2026 21:28:50 -0700
Subject: [PATCH 1/2] chore: add openssh-sftp-server and procps to base sandbox image

These packages are required for VS Code and Cursor remote SSH connections to function properly (SFTP file transfer, process inspection).
---
 sandboxes/base/Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sandboxes/base/Dockerfile b/sandboxes/base/Dockerfile
index 78b51e7..bfe36d8 100644
--- a/sandboxes/base/Dockerfile
+++ b/sandboxes/base/Dockerfile
@@ -31,6 +31,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 iputils-ping \
 net-tools \
 netcat-openbsd \
+ openssh-sftp-server \
+ procps \
 python3 \
 python3-pip \
 python3-venv \
From 03828fb8edb8fbb9166976c94fd55cba2a8efcfb Mon Sep 17 00:00:00 2001
From: Drew Newberry
Date: Wed, 11 Mar 2026 21:35:13 -0700
Subject: [PATCH 2/2] fix: address high-severity vulnerabilities in sandbox images

- base: force-upgrade tar@7.5.11 to fix 6 CVEs (GHSA-qffp, GHSA-9ppj, GHSA-8qq5, GHSA-r6q2, GHSA-34x7, GHSA-83g3)
- openclaw: pin openclaw@2026.3.7 to fix auth material leak and cross-origin header forwarding (GHSA-rchv, GHSA-6mgf)
- nemoclaw: force-upgrade @hono/node-server@1.19.11 to fix authorization bypass via encoded slashes (GHSA-wc8c)
---
 sandboxes/base/Dockerfile | 5 +++++
 sandboxes/nemoclaw/Dockerfile | 3 +++
 sandboxes/openclaw/Dockerfile | 4 ++--
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/sandboxes/base/Dockerfile b/sandboxes/base/Dockerfile
index bfe36d8..986dc22 100644
--- a/sandboxes/base/Dockerfile
+++ b/sandboxes/base/Dockerfile
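Review bot: The reason for the two packages added in the first patch (`openssh-sftp-server` and `procps` in the `apt-get install` list of sandboxes/base/Dockerfile) is recorded only in the commit message, so a later attack-surface cleanup of the sandbox image has nothing in the file to go on. I would add a comment above the `RUN apt-get update …` instruction, which starts outside this hunk: `# openssh-sftp-server, procps: required by VS Code / Cursor Remote-SSH (SFTP transfer, process inspection)`. Because this is the base image, every derived sandbox inherits an SFTP file-transfer path; whether those sessions are confined by the same sandbox policy as an interactive shell is not visible here and is worth confirming. The packages are also unpinned, like the rest of the list, so the installed versions depend on the build date.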
@@ -56,6 +56,11 @@ RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - && \
 nano \
 && rm -rf /var/lib/apt/lists/*
 
+# Fix transitive tar vulnerabilities (GHSA-qffp-2rhf-9h96,
+# GHSA-9ppj-qmqm-q256, GHSA-8qq5-rm4j-mr97, GHSA-r6q2-hw4h-h46w,
+# GHSA-34x7-hfp2-rc4v, GHSA-83g3-92jg-28cx).
+RUN npm install -g tar@7.5.11
+
 # GitHub CLI
 RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
 -o /usr/share/keyrings/githubcli-archive-keyring.gpg && \
diff --git a/sandboxes/nemoclaw/Dockerfile b/sandboxes/nemoclaw/Dockerfile
index 5b91c7d..c19d87b 100644
--- a/sandboxes/nemoclaw/Dockerfile
+++ b/sandboxes/nemoclaw/Dockerfile
@@ -27,6 +27,9 @@ COPY policy-proxy.js /usr/local/lib/policy-proxy.js
 COPY proto/ /usr/local/lib/nemoclaw-proto/
 RUN npm install -g @grpc/grpc-js @grpc/proto-loader js-yaml
 
+# Fix @hono/node-server authorization bypass (GHSA-wc8c-qw6v-h7f6)
+RUN npm install -g @hono/node-server@1.19.11
+
 # Allow the sandbox user to read the default policy (the startup script
 # copies it to a writable location; this chown covers non-Landlock envs)
 RUN chown -R sandbox:sandbox /etc/navigator
diff --git a/sandboxes/openclaw/Dockerfile b/sandboxes/openclaw/Dockerfile
index 36e53a0..cbd8761 100644
--- a/sandboxes/openclaw/Dockerfile
+++ b/sandboxes/openclaw/Dockerfile
@@ -14,8 +14,8 @@ FROM ${BASE_IMAGE}
 
 USER root
 
-# Install OpenClaw CLI
-RUN npm install -g openclaw
+# Install OpenClaw CLI (pinned to fix GHSA-rchv-x836-w7xp, GHSA-6mgf-v5j7-45cr)
+RUN npm install -g openclaw@2026.3.7
 
 # Copy sandbox policy
 COPY policy.yaml /etc/navigator/policy.yaml
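Review bot: `RUN npm install -g tar@7.5.11` in the sandboxes/base/Dockerfile hunk adds a separate top-level `tar` package to the global prefix; it does not replace a `tar` that another globally installed package carries in its own nested `node_modules` (npm itself bundles one), so the copies the advisories refer to may still be in the image. The same applies to `RUN npm install -g @hono/node-server@1.19.11` in the sandboxes/nemoclaw/Dockerfile hunk, where whichever package depends on `@hono/node-server` would normally keep resolving its own nested copy. Which package owns the vulnerable copy is not visible in these hunks, so I would list what remains after the build, e.g. `RUN npm ls -g --all tar` (and the same for `@hono/node-server`), and fix it at the owner by upgrading that package or npm to a release that ships the patched dependency, rather than adding a sibling install. As written, the comment `# Fix transitive tar vulnerabilities` states more than the step guarantees.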