github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Add /proc/asound to masked paths

Browse Source 
While looking through the Moby source code was found /proc/asound to be shared
with containers as read-only.

This can lead to two information leaks.

---

**Leak of media playback status of the host**

Steps to reproduce the issue:

 - Listen to music/Play a YouTube video/Do anything else that involves sound
   output
 - Execute docker run --rm ubuntu:latest bash -c "sleep 7; cat
   /proc/asound/card*/pcm*p/sub*/status | grep state | cut -d ' ' -f2 | grep
   RUNNING || echo 'not running'"
 - See that the containerized process is able to check whether someone on the
   host is playing music as it prints RUNNING
 - Stop the music output
 - Execute the command again (The sleep is delaying the output because
   information regarding playback status isn't propagated instantly)
 - See that it outputs not running

**Describe the results you received:**

A containerized process is able to gather information on the playback
status of an audio device governed by the host. Therefore a process of a
container is able to check whether and what kind of user activity is
present on the host system. Also, this may indicate whether a container
runs on a desktop system or a server as media playback rarely happens on
server systems.

The description above is in regard to media playback - when examining
`/proc/asound/card*/pcm*c/sub*/status` (`pcm*c` instead of `pcm*p`) this
can also leak information regarding capturing sound, as in recording
audio or making calls on the host system.

Reported-by: Philipp Schmied <pschmied@mailbox.org>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2018-11-30 14:27:08 +01:00
parent d5f00ed913
commit 70084ea6c3
No known key found for this signature in database
GPG Key ID: 76698F39D527CE8C
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
oci/spec.go
View File

@ -209,6 +209,7 @@ func populateDefaultUnixSpec(ctx context.Context, s *Spec, id string) error {
Linux: &specs.Linux{ Linux: &specs.Linux{
MaskedPaths: []string{ MaskedPaths: []string{
"/proc/acpi", "/proc/acpi",
"/proc/asound",
"/proc/kcore", "/proc/kcore",
"/proc/keys", "/proc/keys",
"/proc/latency_stats", "/proc/latency_stats",
@ -219,7 +220,6 @@ func populateDefaultUnixSpec(ctx context.Context, s *Spec, id string) error {
"/proc/scsi", "/proc/scsi",
}, },
ReadonlyPaths: []string{ ReadonlyPaths: []string{
"/proc/asound",
"/proc/bus", "/proc/bus",
"/proc/fs", "/proc/fs",
"/proc/irq", "/proc/irq",