Skip to content

fix: add target path validation for fill disk attacks #375

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
joshiste wants to merge 2 commits into
base: main
Choose a base branch
from
Open

fix: add target path validation for fill disk attacks #375

joshiste wants to merge 2 commits into from
+44 −3

Conversation

@joshiste
Copy link
Member

@joshiste joshiste commented Feb 12, 2026
edited
Loading

Summary

  • Make mount failure a hard error in createBundle — previously it silently continued, causing the fill to write to the sidecar's own filesystem instead of the target
  • Add CheckPathWritableRunc and CheckPathWritableProcess functions that verify the target directory exists and is writable before the fill disk attack starts
  • Extensions call these checks in their Prepare method so users get an immediate, clear error instead of confusing failures during the attack

Test plan

  • go vet ./... passes
  • go test ./diskfill/... passes
  • E2e tests in extension-container and extension-host pass with the new checks

@joshiste
fix: make mount failure a hard error in diskfill createBundle
5342002 
A silent mount failure causes the fill to write to the sidecar's own
filesystem instead of the target, which is wrong behavior that should
fail fast.
@joshiste
feat: add target path validation for fill disk attacks
7a02e96 
Add CheckPathWritableRunc and CheckPathWritableProcess functions that
verify the target directory exists and is writable before starting the
fill. The runc variant creates a short-lived sidecar in the target's
mount namespace; the process variant uses direct commands. Both clean
up after themselves.
@joshiste joshiste mentioned this pull request Feb 12, 2026
Open
3 tasks
@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 12, 2026

Quality Gate Passed Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@joshiste joshiste mentioned this pull request Feb 12, 2026
Open
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@joshiste