Back to Blog

Evolving Harden-Runner’s disable-sudo Policy for Improved Runner Security

This post details a vulnerability to bypass Harden-Runner’s disable-sudo policy, the assigned CVE, and the steps we’ve taken to mitigate and detect it.
Varun Sharma
View LinkedIn

April 21, 2025

Share on X
Share on X
Share on LinkedIn
Share on Facebook
Follow our RSS feed
Table of Contents

Summary

Harden-Runner secures CI/CD workflows by controlling network access and monitoring activities on GitHub-hosted and self-hosted runners. Harden-Runner community tier has been adopted by more than 6,000 open-source projects, including projects from Microsoft, CISA, Google etc. In addition, several organizations use the Harden-Runner enterprise tier.  

Harden-Runner has detected the following CI/CD supply chain attacks:  

With the growing adoption of Harden-Runner, we’re grateful to have a strong and engaged community contributing to its continued security and improvement. We’d like to extend our sincere thanks to @loresuso and @darryk10 for responsibly disclosing the issue covered in this post and for their collaboration in helping us investigate and mitigate the vulnerability.

We have addressed a security issue in Harden-Runner where the disable-sudo policy could be bypassed by leveraging Docker access. The issue has been assigned CVE-2025-32955. This blog post outlines the details of the issue, the mitigation through an enhanced policy, newly added detections, and a preview of the upcoming lockdown mode for defense-in-depth.  

Background

Harden-Runner includes a policy option disable-sudo to prevent GitHub Actions workflows from escalating privileges by disabling sudo access for the runner user. This is implemented by removing the user from the sudoers file. The GitHub Actions workflow snippet below shows how this feature is used.

    steps:
      - uses: step-security/harden-runner@v2
        with:
         disable-sudo: true
         egress-policy: audit

However, the researchers identified a bypass: if the runner user has access to the dockerd or containerd socket, they can start a privileged container, mount the host filesystem, and regain root access — effectively restoring the sudo capability or achieving privilege escalation in other ways.

CVE Details

CVE ID

CVE-2025-32955

Affected Component

Harden-Runner

Affected Configuration

• Runners configured with disable-sudo: true

• Running on GitHub-hosted runners or ephemeral VM-based self-hosted runners

• Runner user has Docker access

Not Affected

This issue does not apply to Kubernetes-based Actions Runner Controller (ARC) Harden-Runner.

Severity

6.0 Medium

Patched version

v2.12.0  

Impact

For an attacker to bypass this control, they would first need the ability to run their malicious code (e.g., by a supply chain attack similar to tj-actions or exploiting a Pwn Request vulnerability)) on the runner.

An attacker with the ability to run a GitHub Actions job on a runner configured with disable-sudo: true could still escalate privileges to root using Docker, defeating the intended security control.  

Mitigation: Move to disable-sudo-and-containers

To fully mitigate this class of bypass, we’ve introduced and recommend the disable-sudo-and-containers policy. This enhanced policy includes:

• Removal of access to Docker and containerd sockets

• Uninstallation of Docker

• Retaining the restriction on sudo access

By eliminating Docker access entirely, this policy removes the attack vector used to bypass the original disable-sudo control.

We recommend you use the disable-sudo-and-containers option in favor of disable-sudo if your GitHub Actions job does not use containers.  The GitHub Actions workflow snippet below shows how to use this feature.

    steps:
      - uses: step-security/harden-runner@v2
        with:
         disable-sudo-and-containers: true
         egress-policy: audit

In response to this issue, Harden-Runner now includes runtime detections that identify attempts to evade the disable-sudo restriction.

Coming Soon: Lockdown Mode

We are developing a new lockdown mode feature as part of our ongoing defense-in-depth strategy.

If Harden-Runner detects behavior indicative of compromise—such as attempts to restore sudo, or modify sensitive files—it will:

• Enter lockdown mode

• Block further job execution to minimize impact

This feature will provide an additional safety net, ensuring that even successful evasion attempts are contained before they can cause broader damage.

Conclusion

This issue highlights the evolving nature of CI/CD security threats. We’re grateful to the security researchers who responsibly disclosed this bypass.

If your workflows currently rely on disable-sudo, we recommend upgrading to disable-sudo-and-containers if your GitHub Actions workflow job does not use docker.

For questions, please reach out to support@stepsecurity.io  

Blog

Explore Related Posts