From ada4cb196de74a2a3d09c75f104be5ff129d1456 Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Wed, 1 Jul 2026 21:11:27 -0400 Subject: [PATCH] Lock down non-system users to not have open ended access --- confluent_server/confluent/messages.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/confluent_server/confluent/messages.py b/confluent_server/confluent/messages.py index 593f1a78..79ebcc6b 100644 --- a/confluent_server/confluent/messages.py +++ b/confluent_server/confluent/messages.py @@ -657,8 +657,11 @@ class InputFirmwareUpdate(ConfluentMessage): value, curruser) raise Exception(errstr) except KeyError: - pass # We can't check ownership for confluent users without system users, as is the case in a prominent container usage, - # We must rely upon the banned paths to mitigate risk instead + # non-system backed user, restrict them to either web curated assets or identity images + if not (value.startswith('/var/lib/confluent/client_assets/') or value.startswith('/var/lib/confluent/private/identity_images')): + raise Exception( + 'File transfer using non-system user {} is not supported for {}'.format(curruser, value)) + checkedfiles.add(value) self.filebynode[node] = value