Pull Request Runs on Self-Hosted GitHub Actions Runner
This job runs on a self-hosted GitHub Actions runner in a workflow that is triggered by a pull_request event (or other Pull Request related events). Using self-hosted runners in public repositories, especially when processing pull_request events, is considered highly risky because it allows external threats to run arbitrary code on the self-hosted runner's compute instance.
While the “Maximum access for pull requests from public forked repositories” is read, meaning that secrets (either repo-level or organization-level) are not immediately accessible to the pull request workflow, the attacker can still directly run arbitrary code, without leveraging any vulnerability. Then, if they can perform privilege escalation (most runners allow sudo), they may exfiltrate sensitive information from the runner, especially if the runner does not properly reset its state between jobs.
This risk occurs as soon as your GitHub Organization sets the GitHub Actions Runners configuration to allow self-hosted runners to be used in public repositories. You don’t even need to have a workflow that explicitly uses a self-hosted runner in a public repository: the mere fact that the configuration allows it is enough for an attacker to exploit it.
At the moment, poutine looks for evidence of workflows explicitly using self-hosted runners, but we plan on improving this detection to also include the configuration of the GitHub Organization.
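The following added example (not poutine's own rule or code) shows what that evidence looks like in a workflow file: it reports the jobs whose runs-on names the self-hosted label in a workflow triggered by a pull request event. The function names, the list of event names, the sample workflow, and matching only the default self-hosted label are assumptions of this example.

```python
import re

# Assumption: these event names are treated as pull-request related.
PR_EVENT = re.compile(r"\bpull_request(?:_target|_review|_review_comment)?\b")
# Assumption: only the default `self-hosted` label marks a self-hosted runner.
SELF_HOSTED = re.compile(r"(?<![\w-])self-hosted(?![\w-])")

def logical_lines(text):  # yields (indent, content), skipping blanks and comments
    for raw in text.splitlines():
        body = raw.split(" #")[0].rstrip()
        if body.strip() and not body.lstrip().startswith("#"):
            yield len(body) - len(body.lstrip()), body.strip()

def pr_triggers(text):  # pull-request events named in the top-level `on:` block
    events, in_on = set(), False
    for indent, content in logical_lines(text):
        if indent == 0:  # every top-level key opens or closes the block
            in_on = re.match(r"[\"']?on[\"']?\s*:", content) is not None
        if in_on:
            events.update(PR_EVENT.findall(content))
    return events

def self_hosted_jobs(text):
    """Job ids whose `runs-on` (scalar, inline or block list) names self-hosted."""
    hits, in_jobs, job_indent, job, in_list = [], False, None, None, False
    for indent, content in logical_lines(text):
        if indent == 0:
            in_jobs, job_indent = content.startswith("jobs:"), None
        elif in_jobs:
            job_indent = job_indent or indent  # first nested line sets job depth
            if indent == job_indent:
                job = content.rstrip(":")
            in_list = content.startswith("runs-on:") or (in_list and content[0] == "-")
            if in_list and SELF_HOSTED.search(content) and job not in hits:
                hits.append(job)
    return hits

def findings(text):  # jobs a pull request event can start on a self-hosted runner
    return self_hosted_jobs(text) if pr_triggers(text) else []

# Constructed sample workflow, not taken from any real repository.
SAMPLE = """\
on: [push, pull_request]
jobs:
  lint:
    runs-on: ubuntu-latest
  build:
    runs-on: [self-hosted, linux]
"""
```

Runners selected only through custom labels, runner groups or an expression such as a matrix value are not resolved by this text scan, so an empty result does not show that no self-hosted runner is used.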
Set GitHub Organization Runners configuration to Disabled.
If you decide to allow and use self-hosted runners in public repositories, make sure to follow the hardening guidelines, knowing that it is critical to ensure that the runner is properly isolated from the rest of your infrastructure and that state is cleared between jobs.
Having a GitHub Organization Runners configuration set to All repositories or to select some public repositories comes with the added responsibility of configuring your self-hosted runners pool in a way that is safe.