Yesterday Aleksa Sarai, Senior Software Engineer at SUSE Linux GmbH, notified users that the ‘docker cp’ is vulnerable to symlink-exchange race attacks. This attack makes all the Docker versions vulnerable. This attack can be seen as a continuation of some ‘docker cp’ security bugs that Sarai had found and fixed in 2014.
This attack was discovered by Sarai, “though Tõnis Tiigi (software engineer at Docker)
did mention the possibility of an attack like this in the past (at the time we thought the race window was too small to exploit)”, he added.
The basis of this attack is that FollowSymlinkInScope suffers from a fundamental TOCTOU attack. FollowSymlinkInScope is used to take a path and resolve it safely as though the process was inside the container. Once the full path is resolved, it is passed around a bit and operated later on. If an attacker adds a symlink component to the path after the resolution, but before it is operated on, then the user will end up resolving the symlink path component on the host as root.
Sarai adds, “As far as I’m aware there are no meaningful protections against this kind of attack. Unless you have restricted the Docker daemon through AppArmor, then it can affect the host filesystem”.
Two reproducers of the issue have been attacked, including a Docker image and an empty directory in a loop hoping to hit the race condition. The Docker image contains a simple binary that does a RENAME_EXCHANGE of a symlink to “/”. In both the scripts, the user will be trying to copy a file to or from a path containing the swapped symlink. However, the run_write.sh script can overwrite the host filesystem in very few iterations. This is because internally Docker has a “chrootarchive” concept where the archive is extracted from within a chroot. However in Docker, it chroots into the parent directory of the archive target which can be controlled by the attacker. This makes the attacker more likely to succeed.
In an attempt to come up with a better solution for this problem, Sarai is working on Linux kernel patches. This will “add the ability to safely resolve paths from within a roots”.
Users are concerned with the Docker versions being vulnerable as ‘docker cp’ is a very popular command.
A user on Reddit says, “This seems really severe, it basically breaks a lot of the security that docker is assumed to provide. I know that we’re often told not to rely upon docker for security, but still. I guess trusted but unsecure containers where the attack is executed after startup are still safe, because the docker cp command has already been executed before the attack begins.”
A user on Hacker News comments, “So from a reading of the advisory and pull request, this seems to affect a specific set of scenarios, where a malicious image is running. Not sure if there are other scenarios where this would hit as well. One to be aware of, but as with most vulnerabilities, good to understand how it can be exploited, when you’re assessing mitigations”
To read more details of the notification, head over to Sarai’s mailing list.