Escaping privileged containers for fun
Although it is not a ‘real’ vulnerability, escaping privileged Docker containers is still pretty funny. And because there will always be people who come up with reasons or excuses to run a privileged container (even though you really shouldn’t), this could be handy at some point in the future.
As a result of the recent discovery of the cgroup_release_agent escape trick (CVE-2022-0492), I went on a search for calls to the call_usermodehelper_* family and attempted to determine which ones may be easily accessed within a container environment.