Play with Docker vulnerability

Researchers hacked the Docker test platform called Play-with-Docker, allowing them to access data and manipulate any test Docker containers running on the host system. The hack does not impact production Docker instances, according to the CyberArk researchers who developed the proof-of-concept attack. The team was able to escape the container and run code remotely on the host itself, which has serious security implications: gaining host access from a Linux container should be a very difficult task. In the Play-with-Docker proof of concept, that was not the case. The reason is that Play-with-Docker uses a privileged container and, prior to the fix, failed to secure it properly.

Play-with-Docker is an open source, free, in-browser online playground designed to help developers learn how to use containers. While Play-with-Docker has the support of Docker, it was not created by Docker. The environment simulates an Alpine Linux virtual machine in the browser, allowing users to build and run Docker containers in various configurations.

Researchers were able to escape the test container environment by focusing on a weakness in the virtual machine environment. While VMs create a full copy of a Linux kernel for every single VM instance, containers do not; they share the same kernel code with the host, which means that an attacker escaping the container and gaining host access would be a huge problem. Unfortunately, Play-with-Docker used a privileged container that it failed to secure, so host access, while difficult, was not impossible to attain. In the report, the researchers detail loading a malicious kernel module from inside the VM that escapes and manipulates the underlying computer, or kernel.

The Linux kernel is one big, monolithic chunk of code, but some drivers are not part of that monolithic code and are instead loaded on demand. If you plug in a USB device and the kernel does not have the driver built in, a kernel module is loaded dynamically into the running kernel. A kernel only accepts modules built for it, compiled against its own kernel code.

What the researchers did was develop a way for the kernel to accept a malicious module. They used a module already loaded on the kernel to help build their own malicious module, which ultimately creates a reverse shell. A reverse shell is a process started on a machine whose input and output are controlled by a remote user from a remote computer. This is only one way to escape a privileged container; there are several others.
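The defensive counterpart to this research is checking whether a container has been given the power to load kernel modules at all. The following is an added example, not code from the article or from CyberArk's research: it decodes the effective capability mask (CapEff) that Linux reports in /proc/<pid>/status, flags the capabilities that reach the shared kernel (CAP_SYS_MODULE first among them), and audits constructed `docker inspect` output for containers started with `--privileged` or an added escape-relevant capability. The capability bit numbers are the kernel's own; the sample masks and container names are constructed.

```python
import json
# Linux capability bit positions (include/uapi/linux/capability.h)
CAP_NAMES = [
    "CHOWN", "DAC_OVERRIDE", "DAC_READ_SEARCH", "FOWNER", "FSETID", "KILL",
    "SETGID", "SETUID", "SETPCAP", "LINUX_IMMUTABLE", "NET_BIND_SERVICE",
    "NET_BROADCAST", "NET_ADMIN", "NET_RAW", "IPC_LOCK", "IPC_OWNER",
    "SYS_MODULE", "SYS_RAWIO", "SYS_CHROOT", "SYS_PTRACE", "SYS_PACCT",
    "SYS_ADMIN", "SYS_BOOT", "SYS_NICE", "SYS_RESOURCE", "SYS_TIME",
    "SYS_TTY_CONFIG", "MKNOD", "LEASE", "AUDIT_WRITE", "AUDIT_CONTROL",
    "SETFCAP", "MAC_OVERRIDE", "MAC_ADMIN", "SYSLOG", "WAKE_ALARM",
    "BLOCK_SUSPEND", "AUDIT_READ", "PERFMON", "BPF", "CHECKPOINT_RESTORE",
]
# Capabilities that reach the shared kernel or host; SYS_MODULE is the one that
# lets a kernel module be loaded from inside the container.
ESCAPE_CAPS = {"SYS_MODULE", "SYS_ADMIN", "SYS_RAWIO", "SYS_PTRACE"}
# Constructed samples: Docker's default CapEff and a --privileged CapEff
DEFAULT_CAPEFF = "00000000a80425fb"
PRIVILEGED_CAPEFF = "0000003fffffffff"
# Constructed `docker inspect` output, cut down to the fields used here
SAMPLE_INSPECT = json.dumps([
    {"Name": "/pwd-user1", "HostConfig": {"Privileged": True, "CapAdd": None}},
    {"Name": "/web", "HostConfig": {"Privileged": False, "CapAdd": ["NET_ADMIN"]}},
    {"Name": "/builder", "HostConfig": {"Privileged": False,
                                        "CapAdd": ["CAP_SYS_MODULE"]}},
])

def decode_cap_mask(hex_mask):
    """Turn a CapEff value from /proc/<pid>/status into capability names."""
    mask = int(hex_mask, 16)
    return {name for bit, name in enumerate(CAP_NAMES) if mask >> bit & 1}

def risky_caps(hex_mask):
    """Escape-relevant capabilities present in an effective capability mask."""
    return sorted(decode_cap_mask(hex_mask) & ESCAPE_CAPS)

def capeff_from_status(status_text):
    """Extract the CapEff field from a /proc/<pid>/status dump."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return line.split()[1]
    raise ValueError("no CapEff line in status text")

def audit_inspect(inspect_json):
    """Names of containers whose HostConfig grants module-loading power."""
    findings = []
    for c in json.loads(inspect_json):
        hc = c["HostConfig"]
        added = {cap[4:] if cap.startswith("CAP_") else cap
                 for cap in (hc.get("CapAdd") or [])}
        if hc.get("Privileged") or "ALL" in added or added & ESCAPE_CAPS:
            findings.append(c["Name"])
    return findings
```

Run inside a container with `risky_caps(capeff_from_status(open("/proc/self/status").read()))`; an empty list is what a default, non-privileged Docker container should return.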