Archive

Posts tagged ‘cloud security’

Docker Security: Best Practices for your Vessel and Containers

March 25, 2016 | No comments

Everything you need to know about Docker security.

Newer versions may have some changes.

Read more…

Docker Container Break-out Exploit

December 17, 2015 | No comments

Amidst various blog postings on Docker, a security issue was announced yesterday detailing an exploit of Docker that makes container breakout possible. This exploit would allow access to any data, including sensitive data, on the host system.

How does it work? Essentially, the file system struct of the container is shared with the host, which allows a program running in the container to open file handles, each consisting of a 64-bit string and a 32-bit inode number. Starting at an inode value of 2, which is / (the root filesystem), the file system path is then walked, brute-forcing the 32-bit inode number to find the desired file.

The code to test this, shocker.c, developed by Sebastian Krahmer (thank you!), can be used to demonstrate this exploit, and indeed I was able to:

Read more…