The recursive bind-mount ownership pass runs as root and is re-applied after every deployment start, including over content the container wrote. It uses chown, which follows symlinks, so a container can plant a symlink inside its bind mount pointing at any host file and have it chowned to the container user on the next start. That is a privilege escalation from container to host.
Fix: chown the link itself (Lchown) during the recursive walk instead of resolving it, and skip symlink targets entirely.
Raised in review of #142.
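One way to implement that fix in Go, as an added example rather than the project's own code (the `chownTree` function and the constructed demo tree are assumptions). It relies on two standard-library properties: `filepath.WalkDir` uses `Lstat` and never descends into a symlinked directory, and `os.Lchown` changes the link inode itself, so a link planted at a host file never changes that file's owner.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// chownTree re-applies uid:gid to every entry below root without resolving
// a single symbolic link, and returns the paths it changed in walk order.
func chownTree(root string, uid, gid int) ([]string, error) {
	var changed []string
	err := filepath.WalkDir(root, func(path string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil {
			return walkErr
		}
		// Lchown is correct for every entry type: on a regular file or
		// directory it is the same as Chown; on a symlink it stops at the link.
		if err := os.Lchown(path, uid, gid); err != nil {
			return err
		}
		changed = append(changed, path)
		return nil
	})
	return changed, err
}

func main() {
	// Constructed demo: a bind-mount root containing a link that points
	// outside it; the outside file must not appear in the changed list.
	root, _ := os.MkdirTemp("", "mount")
	outside, _ := os.MkdirTemp("", "host")
	defer os.RemoveAll(root)
	defer os.RemoveAll(outside)
	hostFile := filepath.Join(outside, "secret")
	_ = os.WriteFile(hostFile, []byte("host-owned"), 0o600)
	_ = os.WriteFile(filepath.Join(root, "app.log"), []byte("container"), 0o600)
	_ = os.Symlink(hostFile, filepath.Join(root, "planted"))
	changed, err := chownTree(root, os.Getuid(), os.Getgid())
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, p := range changed {
		fmt.Println("chowned:", p)
	}
}
```

For a walk that must also hold up while the tree is being modified underneath it, prefer fd-relative calls (openat with O_NOFOLLOW, fchownat with AT_SYMLINK_NOFOLLOW) over path-based ones.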