Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Docker Patched the Most Severe Copy Vulnerability to Date With CVE-2019-14271

Yuval Avrahami - paloaltonetworks, posted 5 years ago
  • Docker is a widely used containerization solution. It enables "build once, run everywhere" by building the image in the same environment every time. Although Docker is not considered a secure sandbox, finding container escapes within Docker is usually a big deal.
  • cp (yes, as in Unix terminals) is a command to copy files. Docker's version of the same command, docker cp, can be used to transfer files between the host and containers. In recent years, many issues have come up in containers because of this command.
  • In this example, the cp command was subject to a race condition on symbolic links: the path was validated at one point and used at another, creating a TOCTOU issue.
  • The main bug of the article comes from docker cp loading libraries at runtime for this command. Using chroot to enter the container's root directory for the copy prevents symbolic links from escaping to the host. But the dynamically loaded libraries are then loaded from within the container!
  • So a malicious actor who has compromised a container could plant a set of malicious libraries for Docker to load; that code then runs on the host once the process leaves the container.
  • This issue was discovered completely by accident, while looking into functionality problems with the library loading. The fix was to load the libraries before chrooting into the container.