Skip to content

fix(agent): correlation-chain block path bypassed cloud_safelist (banned Canonical)#1125

Merged
maiconburn merged 2 commits into
mainfrom
fix/correlation-chain-safelist-bypass
Jun 27, 2026
Merged

fix(agent): correlation-chain block path bypassed cloud_safelist (banned Canonical)#1125
maiconburn merged 2 commits into
mainfrom
fix/correlation-chain-safelist-bypass

Conversation

@maiconburn

Copy link
Copy Markdown
Collaborator

Found live on Hetzner (2026-06-27)

The Data Exfiltration (eBPF Sequence) correlation chain issued ufw deny from 185.125.190.49Canonical's livepatch/archive range — breaking apt/livepatch on the host.

Root cause

handle_completed_chain gated on cloud_safelist::identify_provider (the first-octet heuristic), which only matches a hardcoded set of first octets and silently misses safelisted CIDR ranges whose first octet it doesn't enumerate. 185.125.190.49 is in the safelisted 185.125.188.0/22, but first octet 185 isn't in the heuristic → None → not skipped → blocked.

This is the exact bug class the 2026-05-08 fix closed for the repeat-offender + decision paths (switched them to safelist_label, the CIDR walk) — but the correlation-chain path was missed. The repeat-offender path's own comment even lists "Canonical archive blocked 14x" as a victim.

Fix

A shared safelisted_provider helper (CIDR walk via safelist_label) now gates both the correlation-chain path and the repeat-offender path, so they can't drift apart again.

Anti-evasion preserved: a real attacker outside every safelist range still returns None and stays blockable by both paths.

Test

safelisted_provider_uses_cidr_walk_not_first_octet_heuristic pins: the regression witness (identify_provider misses 185.x), the fix (safelist_label catches Canonical / ip-api.com / Fastly), and the anti-evasion (real-attacker IPs are not safelisted). cargo fmt + cargo clippy --workspace -- -D warnings clean. 0 em-dashes.

Discovered while updating Hetzner (the only k7.0 host) to 0.15.29 (where the eBPF execve-ppid fix also verifier-loads cleanly on kernel 7.0). Immediate mitigation already applied on the box (unblocked 185.125.190.49).

🤖 Generated with Claude Code

…ned Canonical)

Found live on the Hetzner box (2026-06-27): the `Data Exfiltration (eBPF
Sequence)` correlation chain issued `ufw deny from 185.125.190.49` —
Canonical's livepatch/archive range — breaking apt/livepatch on the host.

Root cause: `handle_completed_chain` gated on
`cloud_safelist::identify_provider` (the FIRST-OCTET heuristic), which only
matches a hardcoded set of first octets and silently misses safelisted CIDR
ranges whose first octet it doesn't enumerate. 185.125.190.49 is in the
safelisted `185.125.188.0/22` (Canonical), but first octet 185 is not in the
heuristic -> None -> not skipped -> blocked. This is the exact bug class the
2026-05-08 fix closed for the repeat-offender + decision paths (switched them
to `safelist_label`, the CIDR walk), but the correlation-chain path was
missed.

Fix: a shared `safelisted_provider` helper (CIDR walk via `safelist_label`)
now gates BOTH the correlation-chain path and the repeat-offender path, so
they cannot drift apart again. Anti-evasion preserved: a real attacker
outside every safelist range still returns None and stays blockable by both
paths.

Test `safelisted_provider_uses_cidr_walk_not_first_octet_heuristic` pins the
regression witness (identify_provider misses 185.x) + the fix (safelist_label
catches Canonical / ip-api.com / Fastly) + the anti-evasion (real attacker
IPs are not safelisted). cargo fmt + clippy --workspace clean. 0 em-dashes.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@maiconburn maiconburn requested a review from esteves-uk as a code owner June 27, 2026 17:28
@codecov

codecov Bot commented Jun 27, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Codecov flagged the two safelisted_provider() call sites (chain +
repeat-offender) as uncovered: the prior test exercised the helper in
isolation but neither async response path. Add an async test that drives
check_repeat_offenders and handle_completed_chain with a CIDR-only
safelisted IP (Canonical 185.125.190.49) and asserts each path purges it
from reputation state instead of escalating a block.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@maiconburn maiconburn merged commit f0edc99 into main Jun 27, 2026
21 checks passed
@maiconburn maiconburn deleted the fix/correlation-chain-safelist-bypass branch June 27, 2026 18:41
maiconburn added a commit that referenced this pull request Jun 27, 2026
…nder Unreleased (#1126)

PR #1125 merged without a CHANGELOG entry; add it to [Unreleased] so the
next release cut (0.15.30) carries it.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants