All versions of Docker are currently vulnerable to a race condition that could give an attacker both read and write access to any file on the host system. Proof-of-concept code has been released.

The flaw, tracked as CVE-2018-15664, gives an attacker a window in which to modify a resource path after it has been resolved but before the program starts operating on the resource. This class of bug is known as a time-of-check to time-of-use (TOCTOU) race.

Accessing files on the host

At its core, the vulnerability stems from the FollowSymlinkInScope function, which is exposed to a basic TOCTOU attack. The function's job is to resolve a given path safely, treating it as though the resolving process were inside the container's root filesystem, so that symlinks within the container cannot point outside it.

The resolved path is not operated on immediately; it "is passed around a bit and then operated on a bit later." An attacker inside the container can exploit that gap by swapping a path component for a symbolic link (symlink), so that the later operation, performed by the Docker daemon with root privileges, ends up acting on the host filesystem instead of the container's.

The attack vector is the 'docker cp' command, which copies content between a container and the local filesystem. Similar bugs have been found as far back as 2014.

"As far as I'm aware there are no meaningful protections against this kind of attack (other than not allowing 'docker cp' on running containers -- but that only helps with this particular attack through FollowSymlinkInScope). Unless you have restricted the Docker daemon through AppArmor, then it can affect the host filesystem," Aleksa Sarai, senior software engineer at SUSE, wrote in an advisory published today.

Mitigation options and exploit scripts

A discussion on Hacker News offers potential mitigations, although which ones apply depends on the context and purpose of the environment.

One fix proposed by Sarai is to modify 'chrootarchive' so that archive operations run in a confined environment whose root is the container's 'rootfs', which leaves a swapped-in symlink nowhere to escape to. This involves changing a core part of Docker, so it is not a fix that can land quickly.

The next best option is to pause the container while 'docker cp' operates on its filesystem, so that no process inside it can swap the symlink mid-copy. This does not stop every variant of the attack but defends against the basic ones. A patch implementing it has been submitted upstream and is still under review.

The engineer also created two exploit scripts, one for read and one for write access. Both rely on a helper binary that tries to hit the race condition by running "a RENAME_EXCHANGE of a symlink to "/" and an empty directory in a loop," while 'docker cp' is asked to copy a file to or from a path that passes through the swapped symlink.

For the read variant, each attempt at winning the race has a success rate below 1%. That may sound very low, but because the helper keeps retrying, in practice it translates to a wait of about 10 seconds before the attack succeeds.

The write variant is more reliable: Sarai says it can "overwrite the host filesystem in very few iterations."

Before making the announcement public, Sarai discussed the problem with the Docker security team and concluded that it was reasonable to disclose it.
