MEDIUM 5.2

GHSA-m8j6-rc5x-wv36

nono-py's policy JSON accepts unknown security fields

Details

### Summary

nono-py policy handling could fail open in two ways. First, resolving a policy-derived `ProxyConfig` did not automatically enforce `CapabilitySet.proxy_only`, allowing sandboxed children to bypass a resolved domain allowlist by using direct network access. Second, policy JSON accepted unknown security-sensitive fields, so misspelled or unsupported restrictions could be silently ignored.
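Both failure modes described above, as an added example that is not nono-py's code: a lenient loader silently drops a misspelled key and leaves proxy-only off, while a strict loader rejects unknown keys and forces proxy-only whenever an allowlist is present. The field names `allowed_domains` and `proxy_only`, the two loader functions and the sample policies are hypothetical, not nono-py's schema or API.

```python
import json

# Hypothetical schema for illustration; these keys are NOT nono-py's real policy fields.
KNOWN_FIELDS = {"allowed_domains", "proxy_only"}


class PolicyError(ValueError):
    """Raised when a policy document cannot be enforced exactly as written."""


def load_lenient(text):
    """Fail-open pattern: keys the loader does not recognise are dropped silently."""
    raw = json.loads(text)
    return {
        "allowed_domains": list(raw.get("allowed_domains", [])),
        "proxy_only": bool(raw.get("proxy_only", False)),
    }


def load_strict(text):
    """Fail-closed pattern: reject unknown keys and couple the allowlist to proxy-only."""
    raw = json.loads(text)
    if not isinstance(raw, dict):
        raise PolicyError("policy must be a JSON object")
    unknown = sorted(set(raw) - KNOWN_FIELDS)
    if unknown:
        raise PolicyError("unknown policy field(s): " + ", ".join(unknown))
    domains = raw.get("allowed_domains", [])
    if not isinstance(domains, list) or not all(isinstance(d, str) for d in domains):
        raise PolicyError("allowed_domains must be a list of strings")
    # A domain allowlist only means something if direct network access is off,
    # so an explicit proxy_only=false next to an allowlist is rejected, not honoured.
    if domains and raw.get("proxy_only") is False:
        raise PolicyError("allowed_domains requires proxy_only")
    return {"allowed_domains": domains,
            "proxy_only": bool(domains) or bool(raw.get("proxy_only", False))}


# Constructed sample: the author misspelled the allowlist key.
TYPO_POLICY = '{"allowed_domians": ["pypi.org"], "proxy_only": true}'
# Constructed sample: allowlist present, proxy_only left out.
ALLOWLIST_ONLY = '{"allowed_domains": ["pypi.org"]}'

if __name__ == "__main__":
    print(load_lenient(TYPO_POLICY))    # allowlist silently empty
    print(load_strict(ALLOWLIST_ONLY))  # proxy-only forced on
    try:
        load_strict(TYPO_POLICY)
    except PolicyError as exc:
        print("rejected:", exc)
```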

### Impact

A sandboxed child may receive broader network access than the policy author intended. This can allow outbound requests outside the configured proxy allowlist and may expose sensitive data depending on the execution environment and workload.

### Older-kernel note

On Linux kernels without Landlock ABI v4 network rules, patched versions continue to support proxy-only enforcement through the seccomp supervisor fallback introduced in 807fb4b. Users on older kernels should ensure policy-resolved proxy configurations are coupled to `CapabilitySet.proxy_only(proxy)`; merely injecting proxy environment variables is not sufficient.


Affected packages

PyPI / nono-py
First affected version: 0; fixed version: 0.10.1
Fix: `pip install --upgrade 'nono-py>=0.10.1'`

References