
I Hacked Play-With-Docker and Remotely Ran Code on the Host - tigerente
https://www.cyberark.com/threat-research-blog/how-i-hacked-play-with-docker-and-remotely-ran-code-on-the-host/
======
WestCoastJustin
What an awesome hacking session. Very nice angle on writing their own kernel
module. Thanks for posting this!

------
theamk
TL/DR: Docker runs "Play with docker" service, and they did not block insmod
there, nor did they block access to the boot disk. Wow! To quote the author:

> The reason is quite simple: PWD uses a privileged container

This is such an obvious failure that I wonder how it could even get into
production.

~~~
flatiron
They probably wanted to support docker in docker.

