Mallory
Severity: High. Public exploit available.

runc maskedPaths /dev/null verification container escape

Identifiers: CVE-2025-31133, CWE-367

CVE-2025-31133 is a vulnerability in runc, the OCI container runtime, caused by insufficient verification of the source used when masking paths with the container's /dev/null. In affected versions (1.2.7 and below, 1.3.0-rc.1 through 1.3.1, and 1.4.0-rc.1 through 1.4.0-rc.2), runc did not adequately verify that the bind-mount source was a genuine /dev/null inode before using it to implement maskedPaths. An attacker able to influence container filesystem state during container initialization can replace /dev/null with a symlink or otherwise redirect the mount source to an attacker-chosen target, including sensitive procfs paths. As a result, runc may bind-mount an unintended host path into the container, potentially read-write, defeating the intended masking behavior and enabling arbitrary mount-gadget style abuse.


ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can cause host information disclosure, host denial of service, bypass of maskedPaths protections, and container escape. The most serious cases described involve redirecting the masking bind mount to sensitive procfs targets such as /proc/sys/kernel/core_pattern or /proc/sysrq-trigger, which can permit host-level effects including kernel-triggered crash/reboot behavior or reconfiguration that leads to code execution as root on the host. In practical terms, this breaks container isolation and can provide host compromise from a malicious container workload.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, reduce exposure by enabling user namespaces where possible, avoiding mapping host root into the container, preferring rootless containers, running containers as non-root, and enabling noNewPrivileges. Avoid running untrusted container images or Dockerfiles, especially where attackers can influence custom mount configurations or container init behavior. Monitoring for suspicious symlink creation involving /dev/null and sensitive procfs targets may help detect exploitation attempts. AppArmor or SELinux may reduce the impact in some configurations, but the available reporting indicates they are not complete mitigations.
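As an added example (not runc's, Docker's or Mallory's code), the following audits an OCI runtime config.json for the hardening points listed above: a user namespace that keeps host uid 0 out of the container, a non-root process user, noNewPrivileges, and masking of the procfs targets this advisory names. The field names are those of the OCI runtime spec; the two embedded configs are constructed samples.

```python
"""Audit an OCI runtime config.json against the hardening steps in the Mitigation
section above. Added example, not runc's or Mallory's code; the two sample
configs are constructed for illustration."""
import json

# Masking targets this advisory names. On an unpatched runc the mask itself is
# what gets bypassed, so this check complements patching, it does not replace it.
SENSITIVE_PROCFS = ("/proc/sys/kernel/core_pattern", "/proc/sysrq-trigger")


def host_root_is_mapped(linux):
    """True when container uid 0 is host uid 0: either no user namespace at all,
    or a uidMapping whose host range covers host uid 0."""
    ns_types = {ns.get("type") for ns in linux.get("namespaces", [])}
    if "user" not in ns_types:
        return True
    return any(m["hostID"] <= 0 < m["hostID"] + m["size"]
               for m in linux.get("uidMappings", []))


def audit_oci_config(config):
    """Return the list of failed hardening checks; empty means all passed."""
    findings = []
    process, linux = config.get("process", {}), config.get("linux", {})
    if host_root_is_mapped(linux):
        findings.append("host root (uid 0) is reachable from the container")
    if process.get("user", {}).get("uid", 0) == 0:
        findings.append("container process runs as uid 0")
    if not process.get("noNewPrivileges", False):
        findings.append("noNewPrivileges is not set")
    masked = set(linux.get("maskedPaths", []))
    findings += [f"{p} is not in maskedPaths" for p in SENSITIVE_PROCFS if p not in masked]
    return findings


# Constructed sample: a typical rootful config with no user namespace.
WEAK_CONFIG = json.loads("""{
  "process": {"user": {"uid": 0, "gid": 0}, "noNewPrivileges": false},
  "linux": {"namespaces": [{"type": "pid"}, {"type": "mount"}],
            "maskedPaths": ["/proc/kcore"]}}""")
# Constructed sample: user namespace, unprivileged mapping, non-root process.
HARDENED_CONFIG = json.loads("""{
  "process": {"user": {"uid": 1000, "gid": 1000}, "noNewPrivileges": true},
  "linux": {"namespaces": [{"type": "pid"}, {"type": "mount"}, {"type": "user"}],
            "uidMappings": [{"containerID": 0, "hostID": 100000, "size": 65536}],
            "maskedPaths": ["/proc/kcore", "/proc/sys/kernel/core_pattern",
                            "/proc/sysrq-trigger"]}}""")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit_oci_config(cfg) or 'OK'}")
```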

Remediation

Patch, then assume compromise.

Upgrade runc to a fixed version: 1.2.8, 1.3.3, or 1.4.0-rc.3 or later, depending on the branch in use. Unsupported older branches, including 1.1.x and earlier, should be migrated to a supported fixed release because they were not patched. Apply vendor or platform-specific updates for downstream products that embed or ship runc, and replace or restart affected nodes/containers as needed so the patched runtime is actually in use for newly launched containers.
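To tell which side of the stated ranges a given runc build falls on, here is an added example (not runc's or Mallory's tooling) that encodes the affected and fixed versions above; it assumes runc's pre-release tags have the form 1.4.0-rc.N and sort before the final release, and it reports "unknown" for a version the advisory does not name rather than guessing.

```python
"""Classify a runc version against the affected and fixed ranges listed above.
Added example, not runc's or Mallory's tooling; assumes runc pre-release tags look
like 1.4.0-rc.3 and sort before the final 1.4.0."""
import re
import shutil
import subprocess

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-rc\.(\d+))?")
# Inclusive affected ranges exactly as this advisory states them.
AFFECTED = [(None, "1.2.7"), ("1.3.0-rc.1", "1.3.1"), ("1.4.0-rc.1", "1.4.0-rc.2")]
# First fixed release per branch, paired with where the next branch starts.
FIXED = [("1.2.8", "1.3.0-rc.1"), ("1.3.3", "1.4.0-rc.1"), ("1.4.0-rc.3", None)]


def parse_version(text):
    """Return a sortable key; a final release sorts after all of its rc builds."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no runc version found in {text!r}")
    major, minor, patch, rc = m.groups()
    rc_key = (0, int(rc)) if rc else (1, 0)  # rc.N < final release
    return (int(major), int(minor), int(patch)) + rc_key


def classify(version):
    """'vulnerable', 'fixed', or 'unknown' for a version the advisory never names."""
    v = parse_version(version)
    for lo, hi in AFFECTED:
        if (lo is None or parse_version(lo) <= v) and v <= parse_version(hi):
            if v[:2] <= (1, 1):  # 1.1.x and earlier were never patched
                return "vulnerable (unsupported branch, migrate to 1.2.8+)"
            return "vulnerable"
    for fixed, next_branch in FIXED:
        if parse_version(fixed) <= v and (
                next_branch is None or v < parse_version(next_branch)):
            return "fixed"
    return "unknown"  # e.g. 1.3.2 falls between the ranges the page lists


def installed_runc_status():
    """Classify the runc on PATH from `runc --version`; None if none installed."""
    if shutil.which("runc") is None:
        return None
    out = subprocess.run(["runc", "--version"], capture_output=True, text=True)
    return classify(out.stdout)  # first line reads e.g. "runc version 1.2.7"


if __name__ == "__main__":
    for v in ("1.1.12", "1.2.7", "1.2.8", "1.3.2", "1.4.0-rc.2", "1.4.0"):
        print(f"{v:>10}: {classify(v)}")
```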
PUBLIC EXPLOITS

Exploits

5 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos (1 hidden).

Valid: 5 / 6 total.

CVE-2025-31133-Compose-Build-Lab (maturity: PoC, verified exploit)

This repository is not a weaponized exploit but an educational lab platform for CVE-2025-31133-related Docker/BuildKit/runc behavior. The core component is app/server.py, a Flask application that accepts uploaded Compose project ZIPs, validates them, runs docker compose config, applies policy checks, builds projects in either default Compose mode or Buildx/Bake mode, starts allowed containers, captures logs/events, proxies one labeled service via /apps/<project_id>/, and performs cleanup with before/after state checks on /dev/null and /proc/sys/kernel/core_pattern. The platform requires Docker socket access and is explicitly intended to run only in an isolated disposable lab VM.

Repository structure: top-level Dockerfile and docker-compose.yml build/run the platform container; requirements.txt lists Flask, PyYAML, and requests; app/server.py contains nearly all platform logic; scripts/host-health.sh checks Docker/Compose/Buildx/runc versions; scripts/make-sample-zips.sh packages sample projects.

Under samples/: benign-web is a harmless demo web app; build-host-read-probe is a read-only build-time probe that checks paths like /proc/1/root/etc/os-release and /proc/1/root/etc/passwd to observe namespace leakage during image build; cve-2025-31133-safe-canary is a no-harm conceptual demo that replaces a fake rootfs /dev/null with a symlink to a fake host file under /tmp and then reads it; rejected-privileged is a policy-negative sample showing configurations the platform blocks.

Main capabilities: upload and orchestrate untrusted Compose projects; inspect normalized Compose configs; reject dangerous runtime settings such as privileged mode, host namespaces, dangerous capabilities, Docker socket mounts, host-path mounts, external networks, and host port publishing; build with Compose or Bake/Buildx; expose one service through the platform proxy; collect logs and reports; and demonstrate CVE-2025-31133 concepts safely.

There is no real host-escape payload, reverse shell, persistence, or destructive action in the provided code. The included samples are intentionally constrained to read-only observation or fake canary paths under /tmp, making this best classified as a proof-of-concept educational lab rather than an operational exploit.

Author: Glitched-Airis. Disclosed May 12, 2026. Tags: python, bash, web, container, local.

container-escape-ebpf (maturity: PoC, verified exploit)

Repository purpose: a reproducible lab + PoCs demonstrating two runc container-escape vulnerabilities (CVE-2024-21626 and CVE-2025-31133) and optional eBPF-based enforcement/detection using Cilium Tetragon.

Key exploit capabilities:
- CVE-2024-21626 PoC (files/pocs/cve-2024-21626.py): builds a minimal OCI bundle and runs runc with process.cwd set to /proc/self/fd/7 (commented as a symlink to /sys/fs/cgroup). The container process runs /bin/touch with a relative path (../../../pwned_by_cve_2024_21626) to create a marker file on the host, demonstrating escape/write outside the container rootfs.
- CVE-2025-31133 PoC (files/pocs/cve-2025-31133.py): builds a minimal OCI bundle and launches a container, then runs a tight race that repeatedly replaces bundle/rootfs/dev/null with either a real /dev/null copy or a symlink to /proc/sys/kernel/core_pattern. It then uses runc exec to write a pipe handler ("|/bin/touch /pwned_by_cve_2025_31133") into core_pattern and verifies it by reading the sysctl. On success it triggers SIGSEGV inside the container to cause the kernel to execute the core_pattern handler as root, creating the marker file.

Defensive/detection content:
- files/rules/cve-2024-21626.yaml: Tetragon TracingPolicy kprobe on sys_chdir; matches /proc/*/fd/{6,7,8} when the binary ends with /runc; posts an event and overrides with -EPERM to block.
- files/rules/cve-2025-31133.yaml: Tetragon TracingPolicy kprobe on sys_openat; blocks writes (O_WRONLY/O_RDWR) to /proc/sys/kernel/core_pattern from non-host mount namespaces.

Lab/provisioning structure:
- terraform/*: provisions an AWS EC2 instance, installs a chosen runc version (locals.tf pins 1.1.11 by default), installs Tetragon, copies PoCs and utilities to /pocs and /utils, deploys tracing policies to /etc/tetragon/tetragon.tp.d, and sets the setuid bit on /usr/local/bin/runc (increasing realism for local-priv scenarios).
- Makefile: wraps terraform init/apply/destroy and provides an ssh convenience target.
- files/utils/reset.sh: cleans marker files and resets kernel.core_pattern.
- files/utils/performance.py + data/*.csv: local-only CPU/load measurement tooling and sample outputs; not used by the exploit itself.

Overall: this is an operational PoC repo (not a framework module) focused on local container escape primitives against vulnerable runc, with clear host-side proof artifacts and optional eBPF policy enforcement to demonstrate mitigation.

Author: scherepiuk. Disclosed Dec 31, 2025. Languages: python, bash. Vectors: local (container escape via runc/OCI bundle execution); local race condition / symlink attack against /proc/sys/kernel/core_pattern via runc container execution.

Learn-about-cve-2025-31133-poc (maturity: PoC, verified exploit)

Repository purpose: an educational PoC + lab setup for CVE-2025-31133 (runc maskedPaths bypass via race condition) culminating in host code execution.

Structure:
- README.md: explains the CVE, setup, running steps, expected output, and mitigation.
- lab-setup.sh (bash): provisions an Ubuntu lab by installing Docker + dependencies (gcc, netcat-traditional), then downloads and installs a vulnerable runc release (v1.2.0) from GitHub releases, optionally verifying sha256, and replaces the host runc binary.
- cve-2025-31133-exploit.sh (bash + embedded C): main exploit. It (1) prompts for attacker IP/port, (2) builds a payload string that sets /proc/sys/kernel/core_pattern to a pipe handler invoking nc.traditional for a reverse shell, (3) compiles a small C “racer” that continuously unlinks and recreates the container rootfs /dev/null device node to win a timing window, (4) repeatedly launches a crafted OCI container with maskedPaths including /proc/sys/kernel/core_pattern but with a process that attempts to write the payload into that path, and (5) checks whether core_pattern changed compared to a backup. On success it prints original/modified values and attempts restoration.

Exploit capability details:
- Primary capability: container escape / maskedPaths bypass enabling a write to a host-protected procfs sysctl.
- Post-exploitation: host command execution via the core_pattern pipe handler, yielding a reverse shell to a user-specified endpoint.
- Reliability: race-based; loops over microsecond delays (1/5/10) and multiple attempts per delay (20). Cleanup uses pkill and runc kill/delete to reset state between attempts.

Author: C-h4ck-0. Disclosed Jan 18, 2026. Languages: bash, c. Vectors: local (container-to-host escape / privilege escalation) via runc race condition, triggering host execution through the /proc/sys/kernel/core_pattern pipe handler; network (reverse shell callback) using netcat-traditional to an attacker-supplied IP:port.

CVE-2025-31133 (maturity: PoC, verified exploit)

This repository contains a Proof-of-Concept (PoC) exploit for CVE-2025-31133, a race condition in runc's handling of maskedPaths that can allow a container escape. The repository consists of two files: a bash script (CVE-2025-31133_poc.sh) and a detailed README. The script automates the exploitation process by creating a minimal container environment, setting up a symlink race on the container's /dev/null, and attempting to write to the host's /proc/sys/kernel/core_pattern file from within the container. The exploit is safe and non-destructive, only writing the string 'pwned' to the target file to prove the vulnerability. The README provides a thorough explanation of the vulnerability, the exploit technique, and instructions for use and cleanup. The main attack vector is local, requiring the attacker to run the script on a host with a vulnerable runc version. The exploit does not execute arbitrary code but demonstrates a write primitive to a sensitive host file, confirming the presence of the vulnerability.

Author: skynet-f-nvidia. Disclosed Nov 12, 2025. Tags: bash, markdown, local.

CVE-2025-31133 (maturity: PoC, verified exploit)

This repository contains a single file, README.md, which provides a full Bash proof-of-concept exploit for CVE-2025-31133, a race condition in runc's handling of maskedPaths. The exploit is designed to achieve host code execution from within a container by racing the creation of /dev/null in the container's root filesystem, symlinking it to /proc/sys/kernel/core_pattern, and then using runc to run a container. Once the race is won, the exploit overwrites core_pattern to execute /bin/sh on the host when a process crashes, then triggers a crash to gain a shell. The exploit requires a vulnerable version of runc and the ability to run containers with custom configurations. The repository is a functional PoC, not a detection script, and demonstrates a real breakout scenario. All code and configuration are contained within the README.md, which includes a Bash script and detailed comments.

Author: sahar042. Disclosed Nov 6, 2025. Tags: bash, local.
EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

Vendor              | Product      | Type
--------------------|--------------|-----------------
Amazon Web Services | Amazon Linux | operating_system
Linux Foundation    | Runc         | application

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
