In-and-out - Security of Copying to and from Live Containers
Nowadays mature container platforms (such as Docker, Kubernetes and LXD) provide users a way to extract files from a running container. There are several different design approaches for implementing s …
| Talk Title | In-and-out - Security of Copying to and from Live Containers |
| Speakers | Ariel Zelivansky (Security Research Team Lead, Palo Alto Networks), Yuval Avrahami (Security Researcher, Palo Alto Networks) |
| Conference | Open Source Summit + ELC Europe |
| Conf Tag | |
| Location | Lyon, France |
| Date | Oct 27-Nov 1, 2019 |
| URL | Talk Page |
| Slides | Talk Slides |
| Video | |
Nowadays mature container platforms (such as Docker, Kubernetes and LXD) provide users a way to extract files from a running container. There are several different design approaches for implementing such a copy feature. In this talk, Yuval and Ariel will present the ups and downs of the different implementations with a focus on security and possible vulnerabilities.Throughout the presentation, different vulnerabilities that affected the major container engines will be reviewed. A live proof of concept of a vulnerability in the Docker copy comman will be presented.
