Skip to content

Instantly share code, notes, and snippets.

@derekbassett
Created November 28, 2018 05:14
Show Gist options
  • Save derekbassett/c67c0b129804c55ec3ce2cbdf1412985 to your computer and use it in GitHub Desktop.
Save derekbassett/c67c0b129804c55ec3ce2cbdf1412985 to your computer and use it in GitHub Desktop.
Potential exploit for Docker Containers

Step 1. Launch a docker container

    $ docker run -it ubuntu /bin/bash

Step 2. Run the following INSIDE the container

    $ export LOCATION="SFS in Denver"
    $ sleep 1000

Step 3. Run outside the container in another window at the same time

    $ cat /proc/`pgrep sleep`/environ | tr '\0' '\n'

The cat command provides you with a list of environment variables.
So if you are following The Twelve-Factor App and passing all your configuration in using environment variables the only secrets can be exposed to the host container.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment