Pasi saarinen

3 Jul 2020

Helping root out of the container

A container breakout technique exploits AF_LOCAL sockets to smuggle file descriptors into a container. By passing a file descriptor for the root directory, a root user within the container can modify files outside its mount namespace. This attack demonstrates how root access in a container can compromise intended security isolation boundaries.

11 Jun 2020

Abusing access to mount namespaces through /proc/pid/root

Linux namespaces can be abused for privilege escalation in containerized environments. Two key attack vectors are demonstrated: creating block devices in Docker containers to bypass access controls and exploiting symlink vulnerabilities through mount and user namespaces. The research highlights potential security risks in container configurations and namespace implementations.