Activity log for bug #2031644

Date Who What changed Old value New value Message
2023-08-17 11:15:29 Jan Greve bug added bug
2023-08-17 11:15:29 Jan Greve attachment added Screenshots of the outcome of the POC https://bugs.launchpad.net/bugs/2031644/+attachment/5692855/+files/2.png
2023-08-17 11:16:49 Jan Greve attachment added Screenshots of the outcome of the POC #1 https://bugs.launchpad.net/ubuntu/+bug/2031644/+attachment/5692858/+files/1.png
2023-08-17 12:14:42 Jan Greve description

Old value:

The last few days, an update to the apt package that delivers the docker binary (or any of the underlying components like containerd) has broken ownership changes within docker builds. This only applies to the version in the ubuntu 22.04 apt repository; the version from the docker apt repository fixed the problem.

Steps to reproduce:
- Start a clean, fresh ubuntu 22.04 server instance (tried this 1PM CEST today)
- install docker (not from snap, but from apt)
- create the following Dockerfile:

    from ubuntu:latest
    run mkdir /home/test
    run useradd -d /home/test test
    run chown test:test /home/test -R
    copy --chown=test:test Dockerfile /home/test/Dockerfile
    run echo more test > /home/test/test
    run chown test:test /home/test/test
    cmd ls -la /home/test

- run "docker build -t test ."
- run "docker run test"

Expected result: the files and directories should belong to the user test.
Actual result with the affected version: they belong to root.

This may be a security vulnerability, as the built container differs from the Dockerfile spec in regards to file and directory ownership, which could especially be problematic in union with suid-binaries.

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: docker.io 20.10.25-0ubuntu1~22.04.1
ProcVersionSignature: Ubuntu 5.15.0-79.86-generic 5.15.111
Uname: Linux 5.15.0-79-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckResult: pass
CloudArchitecture: x86_64
CloudID: none
CloudName: none
CloudPlatform: none
CloudSubPlatform: config
Date: Thu Aug 17 11:00:50 2023
InstallationDate: Installed on 2023-08-17 (0 days ago)
InstallationMedia: Ubuntu-Server 22.04.3 LTS "Jammy Jellyfish" - Release amd64 (20230810)
ProcEnviron:
 TERM=linux
 PATH=(custom, no user)
 LANG=C.UTF-8
 SHELL=/bin/bash
SourcePackage: docker.io-app
UpgradeStatus: No upgrade log present (probably fresh install)

New value:

The last few days, an update to the apt package that delivers the docker binary (or any of the underlying components like containerd) has broken ownership changes within docker builds. This only applies to the version in the ubuntu 22.04 apt repository; the version from the docker apt repository does not show the problem.

Steps to reproduce:
- Start a clean, fresh ubuntu 22.04 server instance (tried this 1PM CEST today)
- install docker (not from snap, but from apt)
- create the following Dockerfile:

    from ubuntu:latest
    run mkdir /home/test
    run useradd -d /home/test test
    run chown test:test /home/test -R
    copy --chown=test:test Dockerfile /home/test/Dockerfile
    run echo more test > /home/test/test
    run chown test:test /home/test/test
    cmd ls -la /home/test

- run "docker build -t test ."
- run "docker run test"

Expected result: the files and directories should belong to the user test.
Actual result with the affected version: they belong to root.

This may be a security vulnerability, as the built container differs from the Dockerfile spec in regards to file and directory ownership, which could especially be problematic in union with suid-binaries.

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: docker.io 20.10.25-0ubuntu1~22.04.1
ProcVersionSignature: Ubuntu 5.15.0-79.86-generic 5.15.111
Uname: Linux 5.15.0-79-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckResult: pass
CloudArchitecture: x86_64
CloudID: none
CloudName: none
CloudPlatform: none
CloudSubPlatform: config
Date: Thu Aug 17 11:00:50 2023
InstallationDate: Installed on 2023-08-17 (0 days ago)
InstallationMedia: Ubuntu-Server 22.04.3 LTS "Jammy Jellyfish" - Release amd64 (20230810)
ProcEnviron:
 TERM=linux
 PATH=(custom, no user)
 LANG=C.UTF-8
 SHELL=/bin/bash
SourcePackage: docker.io-app
UpgradeStatus: No upgrade log present (probably fresh install)

2023-08-18 00:31:57 Seth Arnold information type Private Security Public Security
2023-08-18 00:32:15 Seth Arnold marked as duplicate 2029523