
32C3 CTF: Docker writeup - tshtf
https://kitctf.de/writeups/32c3ctf/docker/
======
shykes
A more accurate title would be "misconfigured Docker pwned" since
'--net=host' removes the container's network isolation.

Still a pretty cool excuse for playing with unix socket fd passing!

~~~
espadrine
Why were the constraints of the game so loose? It even gave unprivileged SSH
access to the real machine, outside docker!

Is docker considered as strong as a chroot nowadays? Are uid0 programs unable
to escape? Is it safe to run the `try ruby`s of this world on docker?

The website[0] mentions that "even if an intruder manages to escalate to root
within a container, it will be much harder to do serious damage, or to
escalate to the host." Has anyone succeeded in doing so with a recent version
of docker?

[0]: https://docs.docker.com/engine/articles/security/

~~~
kevinsimper
The docs about Docker security could really need more honesty.

~~~
shykes
If you think there's an inaccuracy, please consider filing an issue on
https://github.com/docker/docs.docker.com, or even better sending a pull
request to fix it.

