Skip to content

Instantly share code, notes, and snippets.

@rot13

rot13/Dockerfile Secret

Last active Dec 19, 2020
Embed
What would you like to do?
PHP pthread key leak demonstration
FROM debian:10
RUN apt-get update
RUN apt-get install -y wget build-essential libexpat-dev libpcre3-dev libnss3-dev pkgconf gdb
RUN wget https://downloads.apache.org/httpd/httpd-2.4.46.tar.bz2
RUN wget https://downloads.apache.org/apr/apr-1.7.0.tar.bz2
RUN wget https://downloads.apache.org/apr/apr-util-1.6.1.tar.bz2
RUN echo 'e2e148f0b2e99b8e5c6caa09f6d4fb4dd3e83f744aa72a952f94f5a14436f7ea *apr-1.7.0.tar.bz2' | sha256sum -c && \
tar -xjf apr-1.7.0.tar.bz2 && \
cd apr-1.7.0 && \
./configure && \
make -j$(nproc) && \
make install
RUN echo 'd3e12f7b6ad12687572a3a39475545a072608f4ba03a6ce8a3778f607dd0035b apr-util-1.6.1.tar.bz2' | sha256sum -c && \
tar -xjf apr-util-1.6.1.tar.bz2 && \
cd apr-util-1.6.1 && \
./configure --with-apr=/usr/local/apr && \
make -j$(nproc) && \
make install
RUN echo '740eddf6e1c641992b22359cabc66e6325868c3c5e2e3f98faf349b61ecf41ea *httpd-2.4.46.tar.bz2' | sha256sum -c && \
tar -xjf httpd-2.4.46.tar.bz2 && \
cd httpd-2.4.46 && \
./configure --enable-so && \
make -j$(nproc) && \
make install
RUN wget https://www.php.net/distributions/php-8.0.0.tar.xz
RUN wget ftp://xmlsoft.org/libxml2/libxml2-2.9.10.tar.gz
RUN wget https://curl.se/download/curl-7.74.0.tar.xz
RUN echo '999d5f2c403cf6e25d58319fdd596611e455dd195208746bc6e6d197a77e878b curl-7.74.0.tar.xz' | sha256sum -c && \
tar -xJf curl-7.74.0.tar.xz && \
cd curl-7.74.0 && \
./configure --with-nss && \
make -j$(nproc) && \
make install
RUN echo 'aafee193ffb8fe0c82d4afef6ef91972cbaf5feea100edc2f262750611b4be1f libxml2-2.9.10.tar.gz' | sha256sum -c && \
tar -xzf libxml2-2.9.10.tar.gz && \
cd libxml2-2.9.10 && \
./configure && \
make -j$(nproc) && \
make install
RUN echo 'b5278b3eef584f0c075d15666da4e952fa3859ee509d6b0cc2ed13df13f65ebb php-8.0.0.tar.xz' | sha256sum -c && \
tar -xJf php-8.0.0.tar.xz && \
cd php-8.0.0 && \
./configure --with-apxs2=/usr/local/apache2/bin/apxs --enable-curl --with-curl --enable-xml --with-libxml --disable-all && \
make -j$(nproc) && \
make install
RUN /usr/local/apache2/bin/apachectl -k start && \
sleep 1 && \
while kill -USR1 $(cat /usr/local/apache2/logs/httpd.pid); do \
gdb --pid $(cat /usr/local/apache2/logs/httpd.pid) --batch -ex 'p __pthread_keys' ; \
done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment