
Critical supply chain attack possible via PyTorch


Security engineer John Stawinski IV discovered that PyTorch's use of self-hosted runners for its GitHub operations opens up several vulnerabilities, which could be abused for a range of malicious actions.

According to security engineer John Stawinski IV, Meta’s popular open-source framework PyTorch uses so-called self-hosted runners in its GitHub repository. This is not in line with best practices and can lead to vulnerabilities that have major supply chain implications.

Examples of what such an exploit could achieve include stealing secrets from the code hosted on GitHub so that the release version can be compromised, uploading malicious PyTorch releases to GitHub, uploading releases to AWS, adding code to the main repository branch, or backdooring PyTorch dependencies.

Self-hosted runners

According to the researcher, the main vulnerability lies in the self-hosted runners that were used. Runners are the virtual machines that execute jobs in GitHub Actions, and they are commonly used as part of CI/CD pipelines.

Most of these runners are hosted by GitHub itself and are discarded after use. Self-hosted runners run outside the GitHub platform and are more flexible: users can customize them as they wish. Unlike GitHub's own runners, they do not require a clean instance for each job, and the same instance can be reused for different tasks.

Fix by Meta

GitHub itself already states that self-hosted runners pose significant security risks to the machines and network environments they run in, especially if the VMs keep their environment between jobs. According to GitHub, self-hosted runners should only be used with private repositories, not public ones.
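The combination GitHub warns about above (a self-hosted runner in a workflow that outside contributors can trigger) is visible in the workflow file itself. The following Python is an added example, not code from the article or from the PyTorch project: it scans workflow text with a light regex-based pass rather than a full YAML parser, reports every `runs-on` value that names a self-hosted runner, and notes whether the workflow is reachable from pull-request triggers. The two workflow samples are constructed for the example.

```python
import re
# Triggers through which outside contributions reach a public repository's workflows.
RISKY_TRIGGERS = {"pull_request", "pull_request_target"}

def workflow_triggers(text):
    """Event names under the top-level 'on:' key (inline scalar, flow list or block form)."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"^on:\s*(.*?)\s*$", line)
        if not m:
            continue
        if m.group(1):  # 'on: push' or 'on: [push, pull_request]'
            return {t.strip() for t in m.group(1).strip("[]").split(",") if t.strip()}
        found = set()
        for nxt in lines[i + 1:]:
            if nxt.strip() and not nxt.startswith(" "):
                break  # back at top level, the 'on:' block is over
            km = re.match(r"^  (?:- )?(\w+)", nxt)  # exactly two-space indent = event name
            if km:
                found.add(km.group(1))
        return found
    return set()

def self_hosted_jobs(text):
    """Every runs-on value naming a self-hosted runner (matrix expressions are not resolved)."""
    return [m.group(1).strip() for m in re.finditer(r"runs-on:\s*(.+)", text)
            if "self-hosted" in m.group(1)]

def audit(text):
    """Findings for one workflow file's text; an empty list means nothing to flag."""
    risky = sorted(workflow_triggers(text) & RISKY_TRIGGERS)
    findings = []
    for value in self_hosted_jobs(text):
        if risky:
            findings.append(f"self-hosted runner {value} reachable from {risky}")
        else:
            findings.append(f"self-hosted runner {value} in use; review who can trigger it")
    return findings
# Constructed sample: the weak pattern GitHub warns about for public repositories.
WEAK = """\
on:
  pull_request:
    branches: [main]
  push:
jobs:
  test:
    runs-on: [self-hosted, linux, x64]
"""
# Constructed sample: same job on a GitHub-hosted runner, which is discarded after each job.
FIXED = WEAK.replace("[self-hosted, linux, x64]", "ubuntu-latest")
```

Run `audit()` over each file under `.github/workflows/` to list the jobs that need either a GitHub-hosted runner or a runner that is not reachable from untrusted pull requests.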

John Stawinski IV conducted his research as part of a bug bounty program run by Meta. Meta is the developer of the open-source PyTorch framework. Meta has since implemented a fix for the bug.
