Google Git
Sign in
fuchsia / third_party / github.com / moby / moby / 5fffdb32261145b1178f571e25fbd71572769d58
commit5fffdb32261145b1178f571e25fbd71572769d58[log] [tgz]
authorJonathan A. Schweder <jonathanschweder@gmail.com>Thu Nov 29 22:03:22 2018 -0200
committerSebastiaan van Stijn <github@gone.nl>Fri Nov 30 14:57:51 2018 +0100
treea15693ceaa8e599ad32b381aea4b5b128a94af62
parente32fc16daa20c087eae4e7d4b16a79725a430108 [diff]
Masked /proc/asound

@sw-pschmied originally post this in #38285

While looking through the Moby source code was found /proc/asound to be
shared with containers as read-only (as defined in
https://github.com/moby/moby/blob/master/oci/defaults.go#L128).

This can lead to two information leaks.

---

**Leak of media playback status of the host**

Steps to reproduce the issue:

 - Listen to music/Play a YouTube video/Do anything else that involves
sound output
 - Execute docker run --rm ubuntu:latest bash -c "sleep 7; cat
/proc/asound/card*/pcm*p/sub*/status | grep state | cut -d ' ' -f2 |
grep RUNNING || echo 'not running'"
 - See that the containerized process is able to check whether someone
on the host is playing music as it prints RUNNING
 - Stop the music output
 - Execute the command again (The sleep is delaying the output because
information regarding playback status isn't propagated instantly)
 - See that it outputs not running

**Describe the results you received:**

A containerized process is able to gather information on the playback
status of an audio device governed by the host. Therefore a process of a
container is able to check whether and what kind of user activity is
present on the host system. Also, this may indicate whether a container
runs on a desktop system or a server as media playback rarely happens on
server systems.

The description above is in regard to media playback - when examining
`/proc/asound/card*/pcm*c/sub*/status` (`pcm*c` instead of `pcm*p`) this
can also leak information regarding capturing sound, as in recording
audio or making calls on the host system.

Signed-off-by: Jonathan A. Schweder <jonathanschweder@gmail.com>

(cherry picked from commit 64e52ff3dbdb31adc0a9930b3ea74b04b0df8d86)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
1 file changed
tree: a15693ceaa8e599ad32b381aea4b5b128a94af62
  1. .github/
  2. api/
  3. builder/
  4. cli/
  5. client/
  6. cmd/
  7. container/
  8. contrib/
  9. daemon/
  10. distribution/
  11. dockerversion/
  12. docs/
  13. errdefs/
  14. hack/
  15. image/
  16. integration/
  17. integration-cli/
  18. internal/
  19. layer/
  20. libcontainerd/
  21. migrate/
  22. oci/
  23. opts/
  24. pkg/
  25. plugin/
  26. profiles/
  27. project/
  28. reference/
  29. registry/
  30. reports/
  31. restartmanager/
  32. runconfig/
  33. vendor/
  34. volume/
  35. .DEREK.yml
  36. .dockerignore
  37. .gitignore
  38. .mailmap
  39. AUTHORS
  40. CHANGELOG.md
  41. codecov.yml
  42. CONTRIBUTING.md
  43. Dockerfile
  44. Dockerfile.e2e
  45. Dockerfile.simple
  46. Dockerfile.windows
  47. LICENSE
  48. MAINTAINERS
  49. Makefile
  50. NOTICE
  51. poule.yml
  52. README.md
  53. ROADMAP.md
  54. TESTING.md
  55. vendor.conf
  56. VENDORING.md
README.md

The Moby Project

Moby Project logo

Moby is an open-source project created by Docker to enable and accelerate software containerization.

It provides a “Lego set” of toolkit components, the framework for assembling them into custom container-based systems, and a place for all container enthusiasts and professionals to experiment and exchange ideas. Components include container build tools, a container registry, orchestration tools, a runtime and more, and these can be used as building blocks in conjunction with other tools and projects.

Principles

Moby is an open project guided by strong principles, aiming to be modular, flexible and without too strong an opinion on user experience. It is open to the community to help set its direction.

  • Modular: the project includes lots of components that have well-defined functions and APIs that work together.
  • Batteries included but swappable: Moby includes enough components to build fully featured container system, but its modular architecture ensures that most of the components can be swapped by different implementations.
  • Usable security: Moby provides secure defaults without compromising usability.
  • Developer focused: The APIs are intended to be functional and useful to build powerful tools. They are not necessarily intended as end user tools but as components aimed at developers. Documentation and UX is aimed at developers not end users.

Audience

The Moby Project is intended for engineers, integrators and enthusiasts looking to modify, hack, fix, experiment, invent and build systems based on containers. It is not for people looking for a commercially supported system, but for people who want to work and learn with open source code.

Relationship with Docker

The components and tools in the Moby Project are initially the open source components that Docker and the community have built for the Docker Project. New projects can be added if they fit with the community goals. Docker is committed to using Moby as the upstream for the Docker Product. However, other projects are also encouraged to use Moby as an upstream, and to reuse the components in diverse ways, and all these uses will be treated in the same way. External maintainers and contributors are welcomed.

The Moby project is not intended as a location for support or feature requests for Docker products, but as a place for contributors to work on open source code, fix bugs, and make the code more useful. The releases are supported by the maintainers, community and users, on a best efforts basis only, and are not intended for customers who want enterprise or commercial support; Docker EE is the appropriate product for these use cases.

Legal

Brought to you courtesy of our legal counsel. For more context, please see the NOTICE document in this repo.

Use and transfer of Moby may be subject to certain restrictions by the United States and other governments.

It is your responsibility to ensure that your use and/or transfer does not violate applicable laws.

For more information, please see https://www.bis.doc.gov

Licensing

Moby is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.