Encore: The secrets behind Docker.

CyberWire Daily

Docker and File Capabilities

Research started as Linux capabilities. I wanted to find misconfiguration or misimplementation inside the Linux kernel in order to bypass those checks, those capabilities checks. After looking at the files and directories that Docker engine produces when you pull an image from Docker Hub, I saw that one of the directories where the image is saved allows any user to execute any file from within this directory. Then I scanned over 2,500 Docker images from Docker Hub and found that Microsoft released a few images that had that GDB file with file capabilities. And using a low-privileged user on the host, all I had to do is just find the path and then execute the file. From then on, I was root for any
