Closed
Description
opened on Nov 8, 2019
Steps to reproduce the issue
- docker run -ti mcr.microsoft.com/dotnet/core/sdk:2.1-bionic
- find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -ls # <-- find world-writable directories without the sticky bit set
- find / -xdev -type f -perm -o+w -ls # <-- find world-writable files
- find / -xdev \( -nouser -o -nogroup \) -ls # <-- find files without a registered user or group
Expected behavior
Should be no output
Actual behavior
Here is a non-exhaustive list of dangerous files/directories:
https://pastebin.ubuntu.com/p/P7Kgq6WTf3/
Some of the files in question are .Net DLLs, which I suspect could be used to gain a foothold on a container running externally-facing services and then used to pivot to gain greater access.
Additional information (e.g. issue happens only occasionally)
This affects -aspnet and -sdk variants of the Docker images, but didn't affect the -runtime versions when I tested.
Output of docker version
Not terribly relevant, but here you go:
Client: Docker Engine - Community
Version: 19.03.4
API version: 1.40
Go version: go1.12.10
Git commit: 9013bf583a
Built: Fri Oct 18 15:52:22 2019
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.4
API version: 1.40 (minimum version 1.12)
Go version: go1.12.10
Git commit: 9013bf583a
Built: Fri Oct 18 15:50:54 2019
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.5
GitCommit: bb71b10fd8f58240ca47fbb579b9d1028eea7c84
runc:
Version: 1.0.0-rc6+dev
GitCommit: 2b18fe1d885ee5083ef9f0838fee39b62d653e30
docker-init:
Version: 0.18.0
GitCommit: fec3683
Output of docker info
Client:
Debug Mode: false
Server:
Containers: 356
Running: 1
Paused: 0
Stopped: 355
Images: 1413
Server Version: 19.03.4
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: bb71b10fd8f58240ca47fbb579b9d1028eea7c84
runc version: 2b18fe1d885ee5083ef9f0838fee39b62d653e30
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-1062.4.1.el7.x86_64
Operating System: Red Hat Enterprise Linux
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 15.28GiB
Name: REDACTED
ID: REDACTED
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
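The three checks from the reproduction steps, wrapped as an added audit helper that is not part of the original issue or of the dotnet-docker project: it runs them against any directory tree (for example `/` inside a container, or a rootfs unpacked from `docker export`) and returns non-zero when anything is found, so the same test can gate an image build in CI. Function names and the demo paths are this example's own.

```shell
#!/bin/sh
# Added example (not from the original issue): audit a tree for the three classes of
# findings reported above and fail if any are present.

# World-writable directories without the sticky bit: any user can delete or
# rename entries that other users placed there.
find_ww_dirs() {
    find "$1" -xdev -type d \( -perm -0002 -a ! -perm -1000 \) 2>/dev/null
}

# World-writable regular files: any user can replace their content, which
# matters for a library or DLL that a service later loads.
find_ww_files() {
    find "$1" -xdev -type f -perm -o+w 2>/dev/null
}

# Files whose uid or gid has no entry in /etc/passwd or /etc/group; a later
# useradd/groupadd that reuses the id silently becomes their owner.
find_unowned() {
    find "$1" -xdev \( -nouser -o -nogroup \) 2>/dev/null
}

# Print every finding prefixed with the check that produced it.
# Returns 1 if there was at least one finding, 0 if the tree is clean.
audit_tree() {
    root="$1"
    status=0
    for check in find_ww_dirs find_ww_files find_unowned; do
        hits=$("$check" "$root")
        if [ -n "$hits" ]; then
            status=1
            printf '%s\n' "$hits" | sed "s/^/$check: /"
        fi
    done
    return "$status"
}

# Stand-alone demo on a constructed tree (run with AUDIT_DEMO=1): one open
# directory and one world-writable file, so audit_tree exits with status 1.
if [ "${AUDIT_DEMO:-0}" = "1" ]; then
    demo=$(mktemp -d)
    mkdir "$demo/open" && chmod 777 "$demo/open"
    touch "$demo/lib.dll" && chmod 666 "$demo/lib.dll"
    audit_tree "$demo" || echo "findings present, exit status $?"
    rm -rf "$demo"
fi
```

Running it against a container's root as the reporter did (`audit_tree /`) reproduces the listed output; running it against a freshly built image in CI turns the report into a failing check.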