All of the current versions of Docker have a vulnerability that can allow an attacker to get read-write access to any path on the host server. The weakness is the result of a race condition in the Docker software and while there’s a fix in the works, it has not yet been integrated.
The bug is the result of the way that the Docker software handles some symbolic links, which are files that have paths to other directories or files. Researcher Aleksa Sarai discovered that in some situations, an attacker can insert his own symlink into a path during a short time window between the time that the path has been resolved and the time it is operated on. This is a variant of the time of check to time of use (TOCTOU) problem, specifically with the “docker cp” command, which copies files to and from containers.
“The basic premise of this attack is that FollowSymlinkInScope suffers from a fairly fundamental TOCTOU attack. The purpose of FollowSymlinkInScope is to take a given path and safely resolve it as though the process was inside the container. After the full path has been resolved, the resolved path is passed around a bit and then operated on a bit later (in the case of ‘docker cp’ it is opened when creating the archive that is streamed to the client),” Sarai said in his advisory on the problem.
“If an attacker can add a symlink component to the path after the resolution but beforeit is operated on, then you could end up resolving the symlink path component on the host as root. In the case of ‘docker cp’ this gives you read and write access to any path on the host.”
Sarai notified the Docker security team about the vulnerability and, after talks with them, the two parties agreed that public disclosure of the issue was legitimate, even without a fix available, in order to make customers aware of the problem. Sarai said researchers were aware that this kind of attack might be possible against Docker for a couple of years. He developed exploit code for the vulnerability and said that a potential attack scenario could come through a cloud platform.
“The most likely case for this particular vector would be a managed cloud which let you (for instance) copy configuration files into a running container or read files from within the container (through “docker cp”),,” Sarai said via email.
“However it should be noted that while this vulnerability only has exploit code for “docker cp”, that’s because it’s the most obvious endpoint for me to exploit. There is a more fundamental issue here — it’s simply not safe to take a path, expand all the symlinks within it, and assume that path is safe to use.”