Even though it is not a "real" vulnerability, escaping privileged Docker containers is still somewhat amusing. And because there will always be people who come up with reasons or excuses to run a privileged container (even when they really shouldn't), this may actually come in handy at some point in the future.
As a result of the recent discovery of the cgroup_release_agent breakout trick (CVE-2022-0492), I went looking for calls to the call_usermodehelper_* family and tried to determine which of them can easily be reached from inside a container environment.
It is important to understand what call_usermodehelper is before we can take a look at the results. What call_usermodehelper actually does is run a program in user mode, which is a convenient function for security researchers ;).
After a quick grep, I found that the kernel's coredump handling code includes a call to this particular function. You can see a sample of the code in the section below.
```c
/* fs/coredump.c: build argv for the pipe helper named in core_pattern
 * and hand it to the usermode helper machinery. */
for (argi = 0; argi < argc; argi++)
	helper_argv[argi] = cn.corename + argv[argi];
helper_argv[argi] = NULL;

retval = -ENOMEM;
/* helper_argv[0] is the program path taken from core_pattern after the '|' */
sub_info = call_usermodehelper_setup(helper_argv[0],
				helper_argv, NULL, GFP_KERNEL,
				umh_pipe_setup, NULL, &cprm);
if (sub_info)
	/* execute the helper in the host's (init) namespaces and wait for exec */
	retval = call_usermodehelper_exec(sub_info, UMH_WAIT_EXEC);

kfree(helper_argv);
```
Then it occurred to me that this would be a good target to aim for after all. Even more so because there is nothing that can stop us from triggering a coredump inside a container, right? (In addition, technologies such as apport/systemd-coredump are interesting targets to research at some point in the future.)
The only thing left to do is to figure out how this code gets reached in the first place. Fortunately, a quick man 5 core revealed exactly how this works!
From the manual: Since kernel 2.6.19, Linux supports an alternate syntax for the /proc/sys/kernel/core_pattern file. If the first character of this file is a pipe symbol (|), then the remainder of the line is interpreted as the command-line for a user-space program (or script) that is to be executed.
For the most part, this means that if we can successfully write the path of our "evil" program to /proc/sys/kernel/core_pattern prefixed with a pipe, the kernel will execute our program outside of our container.
One of the requirements for this is that our binary is reachable on the host operating system. Fortunately, the directories that OverlayFS (Docker's filesystem) mounts are also reachable on the host operating system. By running the mount command in the container, we can determine the location of the filesystem. Let's take a look at the results.
```
root@80f74c2d80e5:/# mount
overlay on / type overlay (rw,relatime,lowerdir=/var/lib/docker/overlay2/l/VNLJAHVXND5S423TW3TWVSKI7G:/var/lib/docker/overlay2/l/HMQWWMKA2U45KTCTUVDFHWCHQ2,upperdir=/var/lib/docker/overlay2/c6c17d65527df160607559e9700ac930b50fe3271402c0adf30a9d96cef21680/diff,workdir=/var/lib/docker/overlay2/c6c17d65527df160607559e9700ac930b50fe3271402c0adf30a9d96cef21680/work)
proc on /proc type proc (rw,nosuid,nodev,noexe
```
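As an added example (my own, not code from the original post), here is a small audit that checks from inside a container whether the core_pattern path described above is open: it parses mount output like the listing above for the overlay directories and for a read-only /proc/sys remount, and inspects the current core_pattern value, which is a global kernel setting and therefore shows the host's value inside the container. The sample mount lines, the overlay id "deadbeef" and the helper path are constructed placeholders.

```python
import re

# Constructed sample `mount` output (not captured from a real host); the
# overlay id "deadbeef" and the lowerdir names are placeholders.
PRIVILEGED_MOUNTS = """\
overlay on / type overlay (rw,relatime,lowerdir=/var/lib/docker/overlay2/l/AAAA:/var/lib/docker/overlay2/l/BBBB,upperdir=/var/lib/docker/overlay2/deadbeef/diff,workdir=/var/lib/docker/overlay2/deadbeef/work)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
"""
# An unprivileged container additionally gets /proc/sys remounted read-only.
HARDENED_MOUNTS = PRIVILEGED_MOUNTS + "proc on /proc/sys type proc (ro,nosuid,nodev,noexec,relatime)\n"

MOUNT_RE = re.compile(r"^(\S+) on (\S+) type (\S+) \(([^)]*)\)$")

def parse_core_pattern(value):
    """Split a core_pattern value into (is_pipe, helper_path, helper_args)."""
    value = value.strip()
    if not value.startswith("|"):
        return False, None, []
    parts = value[1:].split()
    return True, parts[0] if parts else None, parts[1:]

def parse_mounts(output):
    """Parse `mount` lines into dicts; key=value options become dict keys."""
    mounts = []
    for line in output.splitlines():
        m = MOUNT_RE.match(line.strip())
        if not m:
            continue
        entry = {"src": m[1], "target": m[2], "fs": m[3], "opts": m[4].split(",")}
        for opt in entry["opts"]:
            if "=" in opt:
                key, val = opt.split("=", 1)
                entry[key] = val
        mounts.append(entry)
    return mounts

def audit(core_pattern, mount_output):
    """Return findings when this container could reach, or already abuses, core_pattern."""
    findings = []
    mounts = parse_mounts(mount_output)
    # core_pattern is not namespaced, so /proc/sys must be read-only inside the container.
    proc_sys = [m for m in mounts if m["target"] == "/proc/sys"]
    if not proc_sys or "ro" not in proc_sys[0]["opts"]:
        findings.append("/proc/sys not read-only: core_pattern is writable from this container")
    is_pipe, helper, _ = parse_core_pattern(core_pattern)
    if is_pipe:
        findings.append(f"core_pattern pipes dumps to usermode helper {helper}")
        host_dirs = [d for m in mounts if m["fs"] == "overlay"
                     for k in ("lowerdir", "upperdir") for d in m.get(k, "").split(":") if d]
        if helper and any(helper.startswith(d.rstrip("/") + "/") for d in host_dirs):
            findings.append("helper path is inside this container's overlay directories on the host")
    return findings
```

On a live system, feed it open("/proc/sys/kernel/core_pattern").read() and the output of mount; an empty result means the container cannot change the handler and no handler currently points into its filesystem.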