Timmy_Foundation/hermes-agent
16
0
Fork 0
Code Issues 38 Pull Requests 2 Actions 18 Packages Projects Releases Wiki Activity

security: block dangerous Docker volume mounts (V-012, CVSS 8.7)
Some checks failed
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 28s
Details
Tests / test (pull_request) Failing after 29s
Details
Docker Build and Publish / build-and-push (pull_request) Failing after 42s
Details

Browse Source 
Prevent privilege escalation via Docker socket mount.

Changes:
- tools/environments/docker.py: Add _is_dangerous_volume() validation
- Block docker.sock, /proc, /sys, /dev, root fs mounts
- Log security error when dangerous volume detected

Fixes container escape vulnerability where user-configured volumes
could mount Docker socket for host compromise.

CVSS: 8.7 (High)
Refs: V-012 in SECURITY_AUDIT_REPORT.md
CWE-250: Execution with Unnecessary Privileges
This commit is contained in:
Allegro
2026-03-30 23:55:45 +00:00
parent 37c5e672b5
commit ed32487cbe
1 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
tools/environments/docker.py
View File

@@ -253,6 +253,26 @@ class DockerEnvironment(BaseEnvironment):
# mode uses tmpfs (ephemeral, fast, gone on cleanup).
from tools.environments.base import get_sandbox_dir
# SECURITY FIX (V-012): Block dangerous volume mounts
# Prevent privilege escalation via Docker socket or sensitive paths
_BLOCKED_VOLUME_PATTERNS = [
"/var/run/docker.sock",
"/run/docker.sock",
"/var/run/docker.pid",
"/proc", "/sys", "/dev",
":/", # Root filesystem mount
]
def _is_dangerous_volume(vol_spec: str) -> bool:
"""Check if volume spec is dangerous (docker socket, root fs, etc)."""
for pattern in _BLOCKED_VOLUME_PATTERNS:
if pattern in vol_spec:
return True
# Check for docker socket variations
if "docker.sock" in vol_spec.lower():
return True
return False
# User-configured volume mounts (from config.yaml docker_volumes)
volume_args = []
workspace_explicitly_mounted = False
@@ -263,6 +283,15 @@ class DockerEnvironment(BaseEnvironment):
vol = vol.strip()
if not vol:
continue
# SECURITY FIX (V-012): Block dangerous volumes
if _is_dangerous_volume(vol):
logger.error(
f"SECURITY: Refusing to mount dangerous volume '{vol}'. "
f"Docker socket and system paths are blocked to prevent container escape."
)
continue # Skip this dangerous volume
if ":" in vol:
volume_args.extend(["-v", vol])
if ":/workspace" in vol: