On November 20, the annual Archdays conference will take place , where Pasha Kann and I, as part of a demonstration, will show an example of how an application can be hacked in Docker and how to build a pipeline with security checks based on GitLab CI from scratch.
Hacking will take place in accordance with the instructions of the Pentest-In-Docker repository , which we prepared specifically for Archdays. There is also a version in Russian , you can try to get root on a linux host right now.
Exploitation of a vulnerability consists of the following stages:
Gaining access to the container shell under the www-data user using RCE - CVE-2014-6271 (Shellshock);
Raising privileges to root through FakePip exploit;
docker.sock ubuntu SSH ( /:/host );
hidle ;
;
Weave Scope.
, , RCE docker.sock. , docker.sock , - , , CVE-2016-5195 CVE-2020-14386. , , Docker API. , Docker 0-day , .
open-source Container Security, , .
GitLab CI. Hadolint, Dockle Trivy, . , , , . .
: https://archdays.ru/speakers/#track-bezopasnost-v-raspredelennyh-sistemah
, - , 50%: SwordfishSecurityArchdays20
A Methodology for Penetration Testing Docker Systems - Docker
Awesome DevSecOps - DevSecOps
Awesome Docker Security - Docker
Cloud Security Tools - Cloud Security
CloudSecDocs - Wiki Kubernetes, Docker Cloud Security,