Commit b27a7b8

conversion: mention the potential risks of blindly copying annotations
While the ability to copy arbitrary container labels into the generated runtime-spec is a very useful feature, it needs to be mentioned that some runtime-spec annotations (such as "org.systemd.property.*" and "run.oci.hooks.*") can allow an image to cause runtimes to either configure an insecure container or act as a way to attack the host machine. It should be noted this is no different to any other malicious config.json attack -- it is the responsibility of runtime-spec generators to make sure the configuration is secure.

Reported-by: Akihiro Suda <[email protected]>
Signed-off-by: Aleksa Sarai <[email protected]>
1 parent af08f4c commit b27a7b8

File tree

1 file changed: +5 -0 lines changed

conversion.md (+5)
@@ -128,3 +128,8 @@ If there is a conflict (same key but different value) between an implicit annota
128128

129129
A converter MAY add annotations which have keys not specified in the image.
130130
A converter MUST NOT modify the values of annotations specified in the image.
131+
132+
Note there is a risk that some annotations might be used by container runtimes to do operations that pose a security risk (such as running container hooks on the host or modifying security-related aspects of the container configuration).
133+
As with any runtime specification configuration, generators SHOULD verify that the generated container configuration is safe before it is used to create a container.
134+
A converter MAY choose to not include annotations specified in the image, if the annotations are considered to be unsafe by the converter's security policy.
135+
If a converter does omit annotations during the conversion, it SHOULD provide feedback to the user to indicate that an annotation has not been converted.
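Review bot: the added "Note there is a risk ..." sentence leaves the dangerous annotations unnamed, while the commit message cites concrete prefixes ("org.systemd.property.*" and "run.oci.hooks.*"); giving those as non-normative examples in the spec text would give converter authors something concrete to match in a security policy, and the sentence would also read better without stating "risk" twice ("Note that some annotations might be used by container runtimes to perform operations that pose a security risk ..."). The new "A converter MAY choose to not include annotations" line sits directly after the existing "A converter MUST NOT modify the values of annotations specified in the image", and it is worth stating explicitly that omitting an annotation under the converter's policy is not a modification of a value, so the two requirements do not appear to conflict. Finally, "SHOULD provide feedback to the user" is vague about content; suggest requiring that the feedback identify the annotation keys that were omitted, so the user can tell which image-specified behaviour was dropped.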
