-
Notifications
You must be signed in to change notification settings - Fork 544
Exploit: check ptrace
cdxy edited this page Dec 3, 2020
·
2 revisions
检查容器内部是否存在cap=SYS_PTRACE
权限,存在该权限并且挂载宿主机的PID空间时,可以在容器环境内注入宿主机进程进行逃逸。
该脚本将检查内部是否存在cap=SYS_PTRACE
权限,同时打印容器内部进程列表。
Checking if container has cap=SYS_PTRACE
capability, containers which have both this capability and host PID namespace shared (--PID=host) can be escaped by process injection.
This scripts will check if container has cap=SYS_PTRACE
capability then print process information.
Further Exploit: https://github.com/gaffe23/linux-inject
./cdk run check-ptrace
./cdk run check-ptrace