We have released a change for a security vulnerability with codejail. This change is already available on the master branch of the edx/configuration repository. Juniper is the only affected named release, and has been updated to include the patch as of tag open-release/juniper.3. A patch is also attached for any other version taken between June 8 and August 8, 2020: codejail-symlink.v2.patch (2.2 KB)
Without this patch, Python-graded problems written by instructors will not be fully sandboxed, such that a malicious user with Studio access could read arbitrary files from disk (including config files with unencrypted secrets) or make direct calls to the database. This also applies to learner code in cases where problems are written to evaluate learner submissions as Python code (either directly, or using a python_lib.zip attached to the course.)
The main issue was that after our June 2020 upgrade from Python 2.7 to 3.5, virtualenv started using a symlink for the Python binary rather than copying the binary into place. The AppArmor profiles are written against that file, but AppArmor follows the symlink; the result is that AppArmor no longer sees any policies in effect against the resolved path. Some other codejail protections such as time limits were still working, so we did not realize that this protection had been lost. Our fix is to point the AppArmor policies directly against the Python binaries in effect. There is an additional change to reduce the visibility of some of the more sensitive configuration files, and another to test the sandbox during the setup phase.
We advise you to patch your instances as soon as possible.
If you have any questions, feel free to reach out to me.