tanmay/Regolith
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #3 from gavrielc/claude/secure-ipc-access-Ni9l4

Browse Source 
Secure IPC with per-group namespaces to prevent privilege escalation
This commit is contained in:
gavrielc
2026-02-01 20:40:27 +02:00
committed by GitHub
parent febf90f3c8 6a94aec5da
commit ade9f2d323
3 changed files with 141 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
src/container-runner.ts
View File

@@ -110,11 +110,13 @@ function buildVolumeMounts(group: RegisteredGroup, isMain: boolean): VolumeMount
}); });
} }
const ipcDir = path.join(DATA_DIR, 'ipc'); // Per-group IPC namespace: each group gets its own IPC directory
fs.mkdirSync(path.join(ipcDir, 'messages'), { recursive: true }); // This prevents cross-group privilege escalation via IPC
fs.mkdirSync(path.join(ipcDir, 'tasks'), { recursive: true }); const groupIpcDir = path.join(DATA_DIR, 'ipc', group.folder);
fs.mkdirSync(path.join(groupIpcDir, 'messages'), { recursive: true });
fs.mkdirSync(path.join(groupIpcDir, 'tasks'), { recursive: true });
mounts.push({ mounts.push({
hostPath: ipcDir, hostPath: groupIpcDir,
containerPath: '/workspace/ipc', containerPath: '/workspace/ipc',
readonly: false readonly: false
}); });
@@ -359,17 +361,28 @@ export async function runContainerAgent(
}); });
} }
export function writeTasksSnapshot(tasks: Array<{ export function writeTasksSnapshot(
id: string; groupFolder: string,
groupFolder: string; isMain: boolean,
prompt: string; tasks: Array<{
schedule_type: string; id: string;
schedule_value: string; groupFolder: string;
status: string; prompt: string;
next_run: string | null; schedule_type: string;
}>): void { schedule_value: string;
const ipcDir = path.join(DATA_DIR, 'ipc'); status: string;
fs.mkdirSync(ipcDir, { recursive: true }); next_run: string | null;
const tasksFile = path.join(ipcDir, 'current_tasks.json'); }>
fs.writeFileSync(tasksFile, JSON.stringify(tasks, null, 2)); ): void {
// Write filtered tasks to the group's IPC directory
const groupIpcDir = path.join(DATA_DIR, 'ipc', groupFolder);
fs.mkdirSync(groupIpcDir, { recursive: true });
// Main sees all tasks, others only see their own
const filteredTasks = isMain
? tasks
: tasks.filter(t => t.groupFolder === groupFolder);
const tasksFile = path.join(groupIpcDir, 'current_tasks.json');
fs.writeFileSync(tasksFile, JSON.stringify(filteredTasks, null, 2));
} }

171
src/index.ts
View File

@@ -96,9 +96,9 @@ async function runAgent(group: RegisteredGroup, prompt: string, chatJid: string)
const isMain = group.folder === MAIN_GROUP_FOLDER; const isMain = group.folder === MAIN_GROUP_FOLDER;
const sessionId = sessions[group.folder]; const sessionId = sessions[group.folder];
// Update tasks snapshot for container to read // Update tasks snapshot for container to read (filtered by group)
const tasks = getAllTasks(); const tasks = getAllTasks();
writeTasksSnapshot(tasks.map(t => ({ writeTasksSnapshot(group.folder, isMain, tasks.map(t => ({
id: t.id, id: t.id,
groupFolder: t.group_folder, groupFolder: t.group_folder,
prompt: t.prompt, prompt: t.prompt,
@@ -144,72 +144,103 @@ async function sendMessage(jid: string, text: string): Promise<void> {
} }
function startIpcWatcher(): void { function startIpcWatcher(): void {
const messagesDir = path.join(DATA_DIR, 'ipc', 'messages'); const ipcBaseDir = path.join(DATA_DIR, 'ipc');
const tasksDir = path.join(DATA_DIR, 'ipc', 'tasks'); fs.mkdirSync(ipcBaseDir, { recursive: true });
fs.mkdirSync(messagesDir, { recursive: true });
fs.mkdirSync(tasksDir, { recursive: true });
const processIpcFiles = async () => { const processIpcFiles = async () => {
// Scan all group IPC directories (identity determined by directory)
let groupFolders: string[];
try { try {
const messageFiles = fs.readdirSync(messagesDir).filter(f => f.endsWith('.json')); groupFolders = fs.readdirSync(ipcBaseDir).filter(f => {
for (const file of messageFiles) { const stat = fs.statSync(path.join(ipcBaseDir, f));
const filePath = path.join(messagesDir, file); return stat.isDirectory() && f !== 'errors';
try { });
const data = JSON.parse(fs.readFileSync(filePath, 'utf-8'));
if (data.type === 'message' && data.chatJid && data.text) {
await sendMessage(data.chatJid, `${ASSISTANT_NAME}: ${data.text}`);
logger.info({ chatJid: data.chatJid }, 'IPC message sent');
}
fs.unlinkSync(filePath);
} catch (err) {
logger.error({ file, err }, 'Error processing IPC message');
// Move to error directory instead of deleting
const errorDir = path.join(DATA_DIR, 'ipc', 'errors');
fs.mkdirSync(errorDir, { recursive: true });
fs.renameSync(filePath, path.join(errorDir, file));
}
}
} catch (err) { } catch (err) {
logger.error({ err }, 'Error reading IPC messages directory'); logger.error({ err }, 'Error reading IPC base directory');
setTimeout(processIpcFiles, IPC_POLL_INTERVAL);
return;
} }
try { for (const sourceGroup of groupFolders) {
const taskFiles = fs.readdirSync(tasksDir).filter(f => f.endsWith('.json')); const isMain = sourceGroup === MAIN_GROUP_FOLDER;
for (const file of taskFiles) { const messagesDir = path.join(ipcBaseDir, sourceGroup, 'messages');
const filePath = path.join(tasksDir, file); const tasksDir = path.join(ipcBaseDir, sourceGroup, 'tasks');
try {
const data = JSON.parse(fs.readFileSync(filePath, 'utf-8')); // Process messages from this group's IPC directory
await processTaskIpc(data); try {
fs.unlinkSync(filePath); if (fs.existsSync(messagesDir)) {
} catch (err) { const messageFiles = fs.readdirSync(messagesDir).filter(f => f.endsWith('.json'));
logger.error({ file, err }, 'Error processing IPC task'); for (const file of messageFiles) {
const errorDir = path.join(DATA_DIR, 'ipc', 'errors'); const filePath = path.join(messagesDir, file);
fs.mkdirSync(errorDir, { recursive: true }); try {
fs.renameSync(filePath, path.join(errorDir, file)); const data = JSON.parse(fs.readFileSync(filePath, 'utf-8'));
if (data.type === 'message' && data.chatJid && data.text) {
// Authorization: verify this group can send to this chatJid
const targetGroup = registeredGroups[data.chatJid];
if (isMain || (targetGroup && targetGroup.folder === sourceGroup)) {
await sendMessage(data.chatJid, `${ASSISTANT_NAME}: ${data.text}`);
logger.info({ chatJid: data.chatJid, sourceGroup }, 'IPC message sent');
} else {
logger.warn({ chatJid: data.chatJid, sourceGroup }, 'Unauthorized IPC message attempt blocked');
}
}
fs.unlinkSync(filePath);
} catch (err) {
logger.error({ file, sourceGroup, err }, 'Error processing IPC message');
const errorDir = path.join(ipcBaseDir, 'errors');
fs.mkdirSync(errorDir, { recursive: true });
fs.renameSync(filePath, path.join(errorDir, `${sourceGroup}-${file}`));
}
}
} }
} catch (err) {
logger.error({ err, sourceGroup }, 'Error reading IPC messages directory');
}
// Process tasks from this group's IPC directory
try {
if (fs.existsSync(tasksDir)) {
const taskFiles = fs.readdirSync(tasksDir).filter(f => f.endsWith('.json'));
for (const file of taskFiles) {
const filePath = path.join(tasksDir, file);
try {
const data = JSON.parse(fs.readFileSync(filePath, 'utf-8'));
// Pass source group identity to processTaskIpc for authorization
await processTaskIpc(data, sourceGroup, isMain);
fs.unlinkSync(filePath);
} catch (err) {
logger.error({ file, sourceGroup, err }, 'Error processing IPC task');
const errorDir = path.join(ipcBaseDir, 'errors');
fs.mkdirSync(errorDir, { recursive: true });
fs.renameSync(filePath, path.join(errorDir, `${sourceGroup}-${file}`));
}
}
}
} catch (err) {
logger.error({ err, sourceGroup }, 'Error reading IPC tasks directory');
} }
} catch (err) {
logger.error({ err }, 'Error reading IPC tasks directory');
} }
setTimeout(processIpcFiles, IPC_POLL_INTERVAL); setTimeout(processIpcFiles, IPC_POLL_INTERVAL);
}; };
processIpcFiles(); processIpcFiles();
logger.info('IPC watcher started'); logger.info('IPC watcher started (per-group namespaces)');
} }
async function processTaskIpc(data: { async function processTaskIpc(
type: string; data: {
taskId?: string; type: string;
prompt?: string; taskId?: string;
schedule_type?: string; prompt?: string;
schedule_value?: string; schedule_type?: string;
groupFolder?: string; schedule_value?: string;
chatJid?: string; groupFolder?: string;
isMain?: boolean; chatJid?: string;
}): Promise<void> { },
sourceGroup: string, // Verified identity from IPC directory
isMain: boolean // Verified from directory path
): Promise<void> {
// Import db functions dynamically to avoid circular deps // Import db functions dynamically to avoid circular deps
const { createTask, updateTask, deleteTask, getTaskById: getTask } = await import('./db.js'); const { createTask, updateTask, deleteTask, getTaskById: getTask } = await import('./db.js');
const { CronExpressionParser } = await import('cron-parser'); const { CronExpressionParser } = await import('cron-parser');
@@ -217,6 +248,20 @@ async function processTaskIpc(data: {
switch (data.type) { switch (data.type) {
case 'schedule_task': case 'schedule_task':
if (data.prompt && data.schedule_type && data.schedule_value && data.groupFolder && data.chatJid) { if (data.prompt && data.schedule_type && data.schedule_value && data.groupFolder && data.chatJid) {
// Authorization: non-main groups can only schedule for themselves
const targetGroup = data.groupFolder;
if (!isMain && targetGroup !== sourceGroup) {
logger.warn({ sourceGroup, targetGroup, chatJid: data.chatJid }, 'Unauthorized schedule_task attempt blocked');
break;
}
// Authorization: verify the chatJid belongs to the target group
const chatGroup = registeredGroups[data.chatJid];
if (!isMain && (!chatGroup || chatGroup.folder !== targetGroup)) {
logger.warn({ sourceGroup, targetGroup, chatJid: data.chatJid }, 'Unauthorized schedule_task chatJid blocked');
break;
}
const scheduleType = data.schedule_type as 'cron' | 'interval' | 'once'; const scheduleType = data.schedule_type as 'cron' | 'interval' | 'once';
let nextRun: string | null = null; let nextRun: string | null = null;
@@ -233,7 +278,7 @@ async function processTaskIpc(data: {
const taskId = `task-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`; const taskId = `task-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
createTask({ createTask({
id: taskId, id: taskId,
group_folder: data.groupFolder, group_folder: targetGroup,
chat_jid: data.chatJid, chat_jid: data.chatJid,
prompt: data.prompt, prompt: data.prompt,
schedule_type: scheduleType, schedule_type: scheduleType,
@@ -242,18 +287,18 @@ async function processTaskIpc(data: {
status: 'active', status: 'active',
created_at: new Date().toISOString() created_at: new Date().toISOString()
}); });
logger.info({ taskId, groupFolder: data.groupFolder }, 'Task created via IPC'); logger.info({ taskId, sourceGroup, targetGroup }, 'Task created via IPC');
} }
break; break;
case 'pause_task': case 'pause_task':
if (data.taskId) { if (data.taskId) {
const task = getTask(data.taskId); const task = getTask(data.taskId);
if (task && (data.isMain || task.group_folder === data.groupFolder)) { if (task && (isMain || task.group_folder === sourceGroup)) {
updateTask(data.taskId, { status: 'paused' }); updateTask(data.taskId, { status: 'paused' });
logger.info({ taskId: data.taskId }, 'Task paused via IPC'); logger.info({ taskId: data.taskId, sourceGroup }, 'Task paused via IPC');
} else { } else {
logger.warn({ taskId: data.taskId, groupFolder: data.groupFolder }, 'Unauthorized task pause attempt'); logger.warn({ taskId: data.taskId, sourceGroup }, 'Unauthorized task pause attempt');
} }
} }
break; break;
@@ -261,11 +306,11 @@ async function processTaskIpc(data: {
case 'resume_task': case 'resume_task':
if (data.taskId) { if (data.taskId) {
const task = getTask(data.taskId); const task = getTask(data.taskId);
if (task && (data.isMain || task.group_folder === data.groupFolder)) { if (task && (isMain || task.group_folder === sourceGroup)) {
updateTask(data.taskId, { status: 'active' }); updateTask(data.taskId, { status: 'active' });
logger.info({ taskId: data.taskId }, 'Task resumed via IPC'); logger.info({ taskId: data.taskId, sourceGroup }, 'Task resumed via IPC');
} else { } else {
logger.warn({ taskId: data.taskId, groupFolder: data.groupFolder }, 'Unauthorized task resume attempt'); logger.warn({ taskId: data.taskId, sourceGroup }, 'Unauthorized task resume attempt');
} }
} }
break; break;
@@ -273,11 +318,11 @@ async function processTaskIpc(data: {
case 'cancel_task': case 'cancel_task':
if (data.taskId) { if (data.taskId) {
const task = getTask(data.taskId); const task = getTask(data.taskId);
if (task && (data.isMain || task.group_folder === data.groupFolder)) { if (task && (isMain || task.group_folder === sourceGroup)) {
deleteTask(data.taskId); deleteTask(data.taskId);
logger.info({ taskId: data.taskId }, 'Task cancelled via IPC'); logger.info({ taskId: data.taskId, sourceGroup }, 'Task cancelled via IPC');
} else { } else {
logger.warn({ taskId: data.taskId, groupFolder: data.groupFolder }, 'Unauthorized task cancel attempt'); logger.warn({ taskId: data.taskId, sourceGroup }, 'Unauthorized task cancel attempt');
} }
} }
break; break;

6
src/task-scheduler.ts
View File

@@ -40,9 +40,10 @@ async function runTask(task: ScheduledTask, deps: SchedulerDependencies): Promis
return; return;
} }
// Update tasks snapshot for container to read // Update tasks snapshot for container to read (filtered by group)
const isMain = task.group_folder === MAIN_GROUP_FOLDER;
const tasks = getAllTasks(); const tasks = getAllTasks();
writeTasksSnapshot(tasks.map(t => ({ writeTasksSnapshot(task.group_folder, isMain, tasks.map(t => ({
id: t.id, id: t.id,
groupFolder: t.group_folder, groupFolder: t.group_folder,
prompt: t.prompt, prompt: t.prompt,
@@ -56,7 +57,6 @@ async function runTask(task: ScheduledTask, deps: SchedulerDependencies): Promis
let error: string | null = null; let error: string | null = null;
try { try {
const isMain = task.group_folder === MAIN_GROUP_FOLDER;
const output = await runContainerAgent(group, { const output = await runContainerAgent(group, {
prompt: task.prompt, prompt: task.prompt,
groupFolder: task.group_folder, groupFolder: task.group_folder,