[HN Gopher] Whose code am I running in GitHub Actions?
___________________________________________________________________
Whose code am I running in GitHub Actions?
Author : ingve
Score : 82 points
Date : 2025-03-25 17:17 UTC (5 hours ago)
(HTM) web link (alexwlchan.net)
(TXT) w3m dump (alexwlchan.net)
| dgl wrote:
| Unfortunately this makes a mistake by using a short commit ID:
| "(e.g. a5b3abf)"
|
| That's not a full commit ID, so it can still result in a mutable
| reference if either someone can find a clash[1] or if they can
| push a tag with that name and it takes priority in the context it
| is used (this is somewhat complex, e.g. GitHub prohibits pushes
| of branches and tags which are exactly 40 hex characters long,
| but other services may not).
|
| [1]: https://people.kernel.org/kees/colliding-with-the-sha-
| prefix...
| bewuethr wrote:
| Shortened commit SHAs are actually not supported by Actions; if
| you try, you get
|
| "Unable to resolve action `actions/checkout@11bd719`, the
| provided ref `11bd719` is the shortened version of a commit
| SHA, which is not supported. Please use the full commit SHA
| `11bd71901bbe5b1630ceea73d27597364c9af683` instead."
| chatmasta wrote:
| What if the repository has a tag called 11bd719? Does
| Git/GitHub forbid creation of this tag if a commit exists
| with that prefix?
|
| What if a Git commit is created that matches an existing tag?
| Does Git have a procedure to make a new one? e.g. imagine I
| pregenerate a few million 8 character tags and wait for a
| collision
|
| btw: Even if you specify the full commit SHA, this can still
| be attacked; there have been pre-image attacks against Git
| commit hashes in the past. At least for older versions of
| Git, the algorithm was Sha1. Maybe that's changed but an
| attacker could always construct a malicious repository with
| intentionally weak hashes with the intent of later swapping
| one of them. (But at that point they may as well just push
| the malicious code in the first place.)
| anamexis wrote:
| What is the attack exactly? Only full commit SHAs are valid
| to reference a commit by SHA. GitHub disallows tags and
| branch names that could collide with a full commit SHA.
| There is never any collision between commit SHAs and tags.
| mcintyre1994 wrote:
| I think the hypothetical attack is to create a tag with
| the shortened commit SHA pointing at malicious code, and
| if someone accidentally puts that instead of the full
| commit SHA, maybe Github will serve them that malicious
| tag instead of throwing the error. It sounds like that
| could work if Github doesn't block a tag/branch colliding
| with a shortened commit SHA. I'd guess they probably do
| though?
| anamexis wrote:
| So you would need to specifically write an action
| referencing an invalid short SHA, which would not work
| and the action would fail, and then wait for an attacker
| to push an action with that tag name, and then run your
| action which has thus far been failing because of the
| invalid reference?
| mcintyre1994 wrote:
| You'd push the tag at the same time you push the commit.
| If anyone tries to reference your action and accidentally
| copies the shortened commit SHA instead of the full
| commit SHA, they'll reference the malicious tag instead.
| They'd never see it fail, they'd just silently pick up
| the malicious tag. But again I'm guessing Github will
| block that shortened commit SHA as a tag and this
| wouldn't actually work.
| anamexis wrote:
| No, I don't think Github blocks shortened commit SHAs as
| tags.
| chatmasta wrote:
| How could they? They can't block every 8 character tag.
| And you can push the tag before you push the commit. (You
| know which short sha to impersonate because you can see
| it locally.)
| password4321 wrote:
| So just so I'm clear based on what you've mentioned, even the
| policy prohibiting 40 hex character tags isn't doing anything
| to stop a tage the same as the short commit ID?
|
| Also, per this comment on a previous discussion on this
| incident at
| https://news.ycombinator.com/item?id=43367987#43369710:
|
| > _the real renovate bot immediately took the exfiltration
| commit from the fake renovate bot and started auto-merging it_
| (updating full SHA1 references)
| dietrichepp wrote:
| I just started using GitHub Actions for a personal project, and
| as you do, I trawled HN for opinions on how to use it.
|
| At first I built a workflow out of steps published on GitHub. Use
| ilammy/mms-dev-cmd, lukka/get-cmake, lukka/run-vcpkg, all to
| build a project with CMake for Windows targets. Of course I
| referred to actions by SHA like you should uses:
| ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756
|
| But one comment stuck with me. Something like, "You should just
| run your own code on GitHub Actions, rather than piecing it
| together from publicly available actions." That made a lot of
| sense. I ended up writing a driver program for my personal
| project's CI builds. One job builds the driver program, and then
| the next job runs the driver program to do the entire build.
|
| I wouldn't do this if I were getting paid for it... it's more
| time-consuming. But it means that I am only minimally tied to
| GitHub actions. I can run the build driver from my own computer
| easily enough.
| timewizard wrote:
| I use Actions merely as a way to trigger a custom Webhook. Then
| I do everything on the server that receives the hook with my
| own code. I hate YAML that much.
| dietrichepp wrote:
| What I _want_ is something like "please run this command on a
| server somewhere when event X happens". Seems like the
| options are along the lines of:
|
| 1. SaaS CI/CD products, like GitHub Actions,
|
| 2. Run your own Jenkins cluster,
|
| 3. Figure out how to orchestrate cloud resources to do this
| for you.
|
| Maybe there are easy options that I'm missing. I don't really
| want to create docker containers just to build some program
| I'm working on.
| arccy wrote:
| why not just use regular GitHub webhooks...
| Jenk wrote:
| This has been in GH's docs on security hardening for a while[0],
| and I can't recall which tool it was, but I have seen reports
| that warn when not using SHAs. Pretty sure there was a linter
| that would even show the warning in my neovim setup that uses
| some kind of gh action LSP, but it has been a minute.
|
| [0]: https://docs.github.com/en/actions/security-for-github-
| actio...
| jtj606 wrote:
| Testing for unpinned actions is supported in CodeQL, the
| security-extended suite
| password4321 wrote:
| This article appears to be in response to the linked _Tj-actions
| /changed-files GitHub Action Compromised - used by over 23K
| repos_ discussed at https://news.ycombinator.com/item?id=43367987
| 10 days ago; not a duplicate as it discusses a detection tool but
| perhaps it rhymes.
| bdcravens wrote:
| Github Actions is definitely a vector for abuse.
|
| I was looking at Seleniumbase recently, and they tell you that
| you can use Github Actions for web scraping to bypass a lot of
| blocks (apparently Github Actions use a residential IP-space)
|
| https://seleniumbase.com/new-video-unlimited-free-web-scrapi...
| spaceywilly wrote:
| This does not bode well for genetic AI
| bri3d wrote:
| They don't use a residential IP space; they use Azure Data
| Center (which, being less popular, isn't blocked as often as
| for example EC2).
| bastardoperator wrote:
| I've found this to be a problem that a lot CI providers suffer
| from. They allow extension via third party code which is
| awesome, people write useful code, a lot of that useful code
| doesn't get maintained properly or ever, rots, and eventually
| everyone has a security issue.
|
| You can also see the GitHub IP space here, I don't think it's
| "residential", unless that terminology includes azure and aws?:
| https://api.github.com/meta
| bdcravens wrote:
| I'm not sure. Perhaps when you call a browser it's going
| through another network? I haven't tested this for myself,
| only going off of of what was reported by that project.
| bastardoperator wrote:
| Maybe it was a self hosted runner? I run those locally all
| the time.
| Marsymars wrote:
| This seems like a wild thing for a third-party project to
| promote. The intention of GitHub Actions to run CI/CD and other
| repository-related tasks. You'd never see, for instance, Adobe
| promoting, via YouTube, "unlimited free web OCR with Adobe CLI
| on GitHub Actions!"
|
| I've never heard of Seleniumbase, but this makes them _look_
| like a rinky-dink project.
| dylan604 wrote:
| That's the whole point of hacking is to use something in a
| way unintended by its maker. That could be for something
| cool/interesting, or it could be for something nefarious.
| Nobody ever thought a coffee maker should run Doom, but they
| do. Not sure if there's a morality clause type of dis-
| qualifier for a Show HN, but there's a lot of people that
| would be interested in seeing how something benign was used
| for a different purpose. Especially if if saved them
| money/compute/time/resources/etc.
| meltyness wrote:
| Network enabled compute is definitely an unusual free lunch,
| but I suppose the trade off is handing out free source code.
| mmmaantu wrote:
| SHA pinning won't necessarily help if the dependency you are
| pinning doesn't pin its own dependencies! You still get stuff
| pulled via vulnerable tags etc. How long till we get this
| https://github.com/github/roadmap/issues/592 ...
| sepositus wrote:
| Yes, this is a crucial distinction to make. The fact of the
| matter is that you have to treat GitHub Actions like a
| compromised system. Sure, there's not a ton of steps you can
| take for protecting builds if it's your primary builder, but
| you can for example not hook up an AWS account with full admin
| privileges to it (which I've seen more times than I would have
| like to).
| thenaturalist wrote:
| Thanks for highlighting this open issue.
|
| The fact they've been stalling this for a good 2.5 years is...
| insane??
| ohgr wrote:
| This is a minor worry when the entire software ecosystem is based
| on "download any old shit off the Internet at run it".
| donatj wrote:
| > At a glance, this looks like an immutable reference to an
| already-released "version 2" of this action, but actually this is
| a mutable Git tag. If somebody changes the v2 tag in the tj-
| actions/changed-files repo to point to a different commit, this
| action will run different code the next time it runs.
|
| The worst part of this is that this is BY DESIGN.
|
| I maintain a small handful of actions. You are expected to, as an
| action maintainer DELETE and RETAG your major versions when you
| release a new minor or patch version. That is to say for instance
| your v2 tag should point to the same commit as your latest 2.x.x
| tag.
|
| Not everyone does this mind you, but this is the default and the
| expected way of operating.
|
| I was frankly kind of taken aback when I learned this. I know for
| a fact documentation of this used to exist, but I am failing to
| find it currently.
|
| You can see GitHub themselves however doing _exactly this_ here,
| with the v4 and v4.2.2 tags matching here (as of today, v4 will
| move in future)
|
| https://github.com/actions/checkout/tags
| r3tr0 wrote:
| we have a tool that does this and more...
|
| it is as easy as running the action and writing a SQL query.
|
| https://yeet.cx/blog/audit-actions-runner/
|
| can also play with it using:
|
| https://yeet.cx/play
___________________________________________________________________
(page generated 2025-03-25 23:00 UTC)