security: Mythos AI-scan fixes batch 2 (KUBE-34, KUBE-32)#589
Merged
Conversation
The RHEL KMM driver-build template passed the Red Hat subscription password via subscription-manager --password inside a RUN layer, which would expose the credential in the build ConfigMap, process table, image history, and logs (and the ; exit 0 suffix masked registration failures). The path was already disabled: the "rhel" case in resolveDockerfile was commented out, DockerfileTemplate.rhel was not go:embed'd or referenced, and the RedhatSubscription* CRD fields it read no longer exist, so osDistro == "rhel" already falls through to "not supported OS". No live code path could leak the credential. Per team confirmation RHEL support is not being revived, so remove the dead template file and the stale commented-out block rather than hardening an unreachable path.
…UBE-32) The KMM driver-build templates fetch the apt/dnf GPG trust root from a URL that can be supplied via DeviceConfig (spec.driver.imageBuild.gpgKeyURL, packageRepoURL, amdgpuInstallerRepoURL). Since that key verifies the amdgpu packages for a ring-0 kernel module on every node, controlling it is high impact. This is by design, not a defect: these are optional fields added for custom-mirror / air-gapped installs (ROCm#540), and the only actor who can set them is someone with write access to DeviceConfig, who already controls the driver's package source. The scan's recommended fix (reject a CR-supplied key URL) would break the air-gapped feature. Rather than change behavior, document the trust model on the three URL fields: they are trusted, privileged build inputs; DeviceConfig write access should be treated as control over the driver's package source / trust root and granted only to trusted admins; prefer https URLs you control. Regenerated the CRD, helm CRD, and CSV descriptors to match.
Summary
Second batch of fixes for the Mythos AI security-scan findings against this repo. Two self-contained commits.
KUBE-34 — the RHEL KMM driver-build template passed the Red Hat subscription password via `subscription-manager --password` inside a `RUN` layer (exposed in the build ConfigMap, process table, image history, and logs; `; exit 0` masked failures). The path was already dead: the `"rhel"` case in `resolveDockerfile` was commented out, `DockerfileTemplate.rhel` was not embedded or referenced, and the `RedhatSubscription*` CRD fields it read no longer exist, so `osDistro == "rhel"` already fell through to "not supported OS". Per team confirmation RHEL support is not being revived, so the dead template and commented block are removed rather than hardening an unreachable path.

KUBE-32 — the KMM driver-build templates fetch the apt/dnf GPG trust root from a URL that can be supplied via `DeviceConfig` (`gpgKeyURL` / `packageRepoURL` / `amdgpuInstallerRepoURL`). This is by design: these are optional fields for custom-mirror / air-gapped installs, and the only actor who can set them already controls the driver's package source via DeviceConfig write access. The scan's suggested fix (reject a CR-supplied key URL) would break air-gapped support. Rather than change behavior, the trust model is now documented on the three fields, and the CRD / helm CRD / CSV descriptors are regenerated to match.

Test plan
- `go build ./...`, `go vet ./internal/kmmmodule/`, and `go test ./internal/kmmmodule/` pass (KUBE-34)
- `make manifests` + `make bundle-build`; `operator-sdk bundle validate ./bundle` passes (KUBE-32)
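The two findings above share one defender-side theme: inputs to a driver-build Dockerfile are privileged, so they deserve a review-time check. The Go program below is an added example written for this page, not code from this PR or from the operator repo. `LintDockerfile` walks `RUN` instructions (joining `\`-continued lines) and reports the two patterns KUBE-34 describes: a credential passed inline via a `--password`-style flag, which lands in the build ConfigMap, process table, image history and logs, and a trailing `; exit 0` that masks the step's failure. `AuditBuildURLs` looks at the three DeviceConfig fields KUBE-32 documents (`gpgKeyURL`, `packageRepoURL`, `amdgpuInstallerRepoURL`) and emits advisory warnings, never rejections, in line with the documented trust model ("prefer https URLs you control"). The sample Dockerfile, the field names being passed as a map, and the `trustedHosts` mirror allowlist are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Finding is one suspicious RUN instruction in a driver-build template.
type Finding struct {
	Line int    // 1-based line where the RUN instruction starts
	Text string // the joined instruction
	Why  string // which pattern matched
}

// credentialFlag matches CLI flags that carry a secret inline, e.g.
// "--password foo" or "--password=foo". "--password-stdin" does not match.
var credentialFlag = regexp.MustCompile(`--(password|passwd|token|api-key|secret)(=|\s)`)

// maskedFailure matches a trailing "; exit 0", which forces the layer to succeed
// even when the command (e.g. subscription registration) failed.
var maskedFailure = regexp.MustCompile(`;\s*exit\s+0\s*$`)

// LintDockerfile scans RUN instructions, joining backslash-continued lines,
// and returns one Finding per matched pattern.
func LintDockerfile(src string) []Finding {
	var findings []Finding
	lines := strings.Split(src, "\n")
	for i := 0; i < len(lines); i++ {
		stmt := strings.TrimSpace(lines[i])
		if !strings.HasPrefix(stmt, "RUN ") {
			continue
		}
		start := i + 1
		// Join continuation lines so flags split across lines are still seen.
		for strings.HasSuffix(strings.TrimSpace(lines[i]), "\\") && i+1 < len(lines) {
			i++
			stmt = strings.TrimSuffix(stmt, "\\") + " " + strings.TrimSpace(lines[i])
		}
		if credentialFlag.MatchString(stmt) {
			findings = append(findings, Finding{start, stmt,
				"credential passed inline in a RUN layer (ConfigMap, process table, image history, logs)"})
		}
		if maskedFailure.MatchString(stmt) {
			findings = append(findings, Finding{start, stmt,
				"'; exit 0' masks command failure"})
		}
	}
	return findings
}

// AuditBuildURLs returns advisory warnings for the three DeviceConfig build-input
// URLs: non-https schemes, malformed values, and hosts outside the admin's own
// mirror list. It rejects nothing; DeviceConfig write access is the trust boundary.
func AuditBuildURLs(fields map[string]string, trustedHosts []string) []string {
	var warnings []string
	for _, name := range []string{"gpgKeyURL", "packageRepoURL", "amdgpuInstallerRepoURL"} {
		raw := fields[name]
		if raw == "" {
			continue // optional field; unset means the built-in default
		}
		u, err := url.Parse(raw)
		if err != nil || u.Host == "" {
			warnings = append(warnings, fmt.Sprintf("%s: %q is not an absolute URL", name, raw))
			continue
		}
		if u.Scheme != "https" {
			warnings = append(warnings, fmt.Sprintf("%s: %q uses %s; fetch the trust root over https", name, raw, u.Scheme))
		}
		if len(trustedHosts) > 0 && !contains(trustedHosts, u.Hostname()) {
			warnings = append(warnings, fmt.Sprintf("%s: host %q is not in the admin-controlled mirror list", name, u.Hostname()))
		}
	}
	return warnings
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// sampleTemplate is a constructed template showing the KUBE-34 shape; it is not
// the removed DockerfileTemplate.rhel.
const sampleTemplate = `FROM registry.example.invalid/ubi9:latest
RUN subscription-manager register --username=$RH_USER \
    --password=$RH_PASS ; exit 0
RUN dnf install -y amdgpu-dkms
`

func main() {
	for _, f := range LintDockerfile(sampleTemplate) {
		fmt.Printf("line %d: %s\n    %s\n", f.Line, f.Why, f.Text)
	}
	fields := map[string]string{
		"gpgKeyURL":              "http://mirror.example.invalid/amdgpu.gpg",
		"packageRepoURL":         "https://mirror.example.invalid/amdgpu",
		"amdgpuInstallerRepoURL": "https://cdn.example.invalid/installer",
	}
	for _, w := range AuditBuildURLs(fields, []string{"mirror.example.invalid"}) {
		fmt.Println("warning:", w)
	}
}
```

Running it reports two findings on line 2 of the sample (the inline `--password` and the `; exit 0`) and two warnings for the URL fields (the http key URL and the installer host that is not on the mirror list). The lint is the kind of check that catches a template like the removed one before it is embedded; the URL audit is what an admin tooling layer can surface without breaking the air-gapped use case.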