Skip to content

Instantly share code, notes, and snippets.

@derekbassett

derekbassett/exploit-for-docker-containers.md

Created November 28, 2018 05:14
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save derekbassett/c67c0b129804c55ec3ce2cbdf1412985 to your computer and use it in GitHub Desktop.
Save derekbassett/c67c0b129804c55ec3ce2cbdf1412985 to your computer and use it in GitHub Desktop.
Download ZIP
Potential exploit for Docker Containers
Raw
exploit-for-docker-containers.md

Step 1. Launch a docker container

    $ docker run -it ubuntu /bin/bash

Step 2. Run the following INSIDE the container

    $ export LOCATION="SFS in Denver"
    $ sleep 1000

Step 3. Run outside the container in another window at the same time

    $ cat /proc/`pgrep sleep`/environ | tr '\0' '\n'

The cat command provides you with a list of environment variables.
So if you are following The Twelve-Factor App and passing all your configuration in using environment variables the only secrets can be exposed to the host container.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment