Security issue with Docker / namespaces?

Security issue with Docker / namespaces?

Bugzilla from jc@phocean.net
Hi guys,

I am afraid of a security issue with Docker.
Sorry but I have no other machines to test for now, so it might be a
local issue only.

I realized that today when running an Ubuntu container:

    % docker run -ti --rm --hostname=ubuntu --net=host ubuntu /bin/bash

It runs a bash shell inside the Ubuntu container.

But, from within the container (screenshot attached):

    % apt update
    # should fail, not finding the command
    % zypper refresh
    # unexpectedly, it would work and refresh the host repos!

Of course, this is absolutely abnormal and I am still evaluating the
exact impact.

I can tell that the issue was not here one week ago (I have been a quite
intensive Docker user for around 2 years).

So I am not sure what is causing this behavior.


Looking forward to reading some feedback.


Best regards,

--
Jean-Christophe

Re: Security issue with Docker / namespaces?

Bugzilla from jc@phocean.net
Moreover, cat /etc/shadow shows host's users that should not be there
(understand: my user)...



On 24/01/2018 at 16:01, Jean-Christophe Baptiste wrote:

> Hi guys,
>
> I am afraid of a security issue with Docker.
> Sorry but I have no other machines to test for now, so it might be a
> local issue only.
>
> I realized that today when running an Ubuntu container:
>
>     % docker run -ti --rm --hostname=ubuntu --net=host ubuntu /bin/bash
>
> It runs a bash shell inside the Ubuntu container.
>
> But, from within the container (screenshot attached):
>
>     % apt update
>     # should fail, not finding the command
>     % zypper refresh
>     # unexpectedly, it would work and refresh the host repos!
>
> Of course, this is absolutely abnormal and I am still evaluating the
> exact impact.
>
> I can tell that the issue was not here one week ago (I have been a quite
> intensive Docker user for around 2 years).
>
> So I am not sure what is causing this behavior.
>
>
> Looking forward to reading some feedback.
>
>
> Best regards,
>

--
JCB


Re: Security issue with Docker / namespaces?

Bugzilla from jc@phocean.net
Never mind, more testing confirmed that it was a local issue.

Somehow my /var/lib/docker was trashed. Removing the whole directory and
restarting from scratch solved the issue.

Regards,
JC

On 24/01/2018 at 16:06, Jean-Christophe Baptiste wrote:

> Moreover, cat /etc/shadow shows host's users that should not be there
> (understand: my user)...
>
>
>
> On 24/01/2018 at 16:01, Jean-Christophe Baptiste wrote:
>> Hi guys,
>>
>> I am afraid of a security issue with Docker.
>> Sorry but I have no other machines to test for now, so it might be a
>> local issue only.
>>
>> I realized that today when running an Ubuntu container:
>>
>>     % docker run -ti --rm --hostname=ubuntu --net=host ubuntu /bin/bash
>>
>> It runs a bash shell inside the Ubuntu container.
>>
>> But, from within the container (screenshot attached):
>>
>>     % apt update
>>     # should fail, not finding the command
>>     % zypper refresh
>>     # unexpectedly, it would work and refresh the host repos!
>>
>> Of course, this is absolutely abnormal and I am still evaluating the
>> exact impact.
>>
>> I can tell that the issue was not here one week ago (I have been a quite
>> intensive Docker user for around 2 years).
>>
>> So I am not sure what is causing this behavior.
>>
>>
>> Looking forward to reading some feedback.
>>
>>
>> Best regards,
>>
>
>

--
JCB

