[MEDIUM] Docker SSH force command uses eval for command execution #26

New issue

Open

opened 2026-05-05 15:44:48 -05:00 by pjennings · 0 comments

pjennings commented 2026-05-05 15:44:48 -05:00

Owner

Copy link

Labels: area:security, area:containers, priority:medium, type:bug

Description

In modules/profiles/containers/default.nix line 19, the docker SSH validator uses:
eval ""

While the case statement restricts matching to docker/scp/sftp commands, eval could potentially be exploited through command chaining or shell metacharacters.

Impact

Carefully crafted SSH_ORIGINAL_COMMAND could bypass the allowlist through shell injection.

Recommended Fix

Replace eval with direct execution of matched commands. Whitelist specific command patterns more strictly without shell interpolation.

**Labels:** area:security, area:containers, priority:medium, type:bug ## Description In modules/profiles/containers/default.nix line 19, the docker SSH validator uses: eval "" While the case statement restricts matching to docker/scp/sftp commands, eval could potentially be exploited through command chaining or shell metacharacters. ## Impact Carefully crafted SSH_ORIGINAL_COMMAND could bypass the allowlist through shell injection. ## Recommended Fix Replace eval with direct execution of matched commands. Whitelist specific command patterns more strictly without shell interpolation.

pjennings added this to the Security: Medium and Low Findings milestone 2026-05-06 16:47:29 -05:00

pjennings added the

area:security

priority:medium

type:bug

status:blocked

labels 2026-05-06 16:49:27 -05:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

indev

No results found.

Labels

Clear labels   

area:documentation

Documentation, inventory, runbooks

  

area:infrastructure

Infrastructure services and hardware

  

area:network

Network, firewall, and connectivity

  

area:security

Security vulnerabilities and findings

  

priority:critical

Fix immediately — active risk

  

priority:high

Fix within 1-2 weeks

  

priority:low

Backlog — hardening and best practices

  

priority:medium

Fix within 1 month

  

status:blocked

Blocked on dependency or decision

  

type:bug

Misconfiguration or broken behavior

  

type:deployment

New service or system deployment

  

type:enhancement

Improvement or hardening

  

type:investigation

Needs research or identification

No labels

area:documentation

area:infrastructure

area:network

area:security

priority:critical

priority:high

priority:low

priority:medium

status:blocked

type:bug

type:deployment

type:enhancement

type:investigation

Milestone

Clear milestone

No items

No milestone

Security: Medium and Low Findings

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

reinitialized.net/infrastructure#26

No description provided.