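Archive

Posts tagged 'docker security'

Docker basic technology: a site for learning the fundamentals

December 17, 2015 Comments are closed

See the Docker basic technology article series at http://coolshell.cn/tag/docker

Go and find them yourself. The author writes well, although there are some points on the security side that are open to discussion.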

Docker Container Break-out Exploit

December 17, 2015 Comments are closed

Amidst various blog postings on Docker, a security issue was announced yesterday that detailed an exploit of Docker that makes container breakout possible. This exploit would allow the ability to access any data, including sensitive data, on the host system.

How does it work? Essentially, the file system struct of the container is shared with the host, which allows a program running in the container to open file handles, which consist of a 64-bit string and a 32-bit inode number. Starting at an inode value of 2, which is / (the root filesystem), the file system path is then walked, using brute force on the 32-bit inode number to find the desired file.

The code to test this, shocker.c, which was developed by Sebastian Krahmer (thank you!), can be used to demonstrate this exploit, and indeed I was able to:

Read the full article…