Potentially version-dependent logic for determining if a container is privileged #23

Closed
oshaked1 opened this issue Nov 22, 2021 · 1 comment
@oshaked1
Collaborator

When checking if a container is privileged in the docker ps plugin, the capabilities value is compared to 0x3fffffffff. This value represents all available capabilities on modern kernels that were tested, but it may be different on older (and even future) kernels.
I suggest performing a version-independent check, where instead of comparing to a static value, the container's capabilities are compared to the capabilities of the init task (PID 1), which must be privileged.
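
An added example (not part of the original issue and not the plugin's code) contrasting the static comparison with the init-task comparison proposed above. It assumes capability masks are available as `CapEff` lines in `/proc/<pid>/status` format; the function names and all sample inputs are constructed for illustration.

```python
import re

STATIC_FULL_CAPS = 0x3fffffffff  # static value quoted in the issue

# Constructed status excerpts: two systems whose init tasks hold full
# capability masks of different widths (38 and 41 bits), plus a restricted mask.
INIT_A = "Name:\tinit\nCapPrm:\t0000003fffffffff\nCapEff:\t0000003fffffffff\n"
INIT_B = "Name:\tinit\nCapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\n"
FULL_A = "Name:\tsh\nCapEff:\t0000003fffffffff\n"
FULL_B = "Name:\tsh\nCapEff:\t000001ffffffffff\n"
RESTRICTED = "Name:\tsh\nCapEff:\t00000000a80425fb\n"


def cap_eff(status_text):
    """Parse the effective capability mask out of status-format text."""
    m = re.search(r"^CapEff:[ \t]*([0-9a-fA-F]+)[ \t]*$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError("no CapEff line found")
    return int(m.group(1), 16)


def is_privileged_static(container_status):
    """Version-dependent check: compare against the fixed constant."""
    return cap_eff(container_status) == STATIC_FULL_CAPS


def is_privileged_vs_init(container_status, init_status):
    """Version-independent check: compare against PID 1 on the same system."""
    init_caps = cap_eff(init_status)
    if init_caps == 0:
        raise ValueError("init mask is empty; unusable as a baseline")
    return cap_eff(container_status) == init_caps


def compare_checks():
    """Return (label, static_result, init_based_result) for each sample."""
    samples = [
        ("full mask, system A", FULL_A, INIT_A),
        ("full mask, system B", FULL_B, INIT_B),
        ("restricted, system B", RESTRICTED, INIT_B),
    ]
    return [(name, is_privileged_static(c), is_privileged_vs_init(c, i))
            for name, c, i in samples]


if __name__ == "__main__":
    for name, static_result, init_result in compare_checks():
        print(f"{name}: static={static_result} init-based={init_result}")
```

On system B the static check misses a container that holds every capability init has, while the init-based check flags it.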

amir9339 added a commit that referenced this issue Nov 28, 2021
…s now non version-dependent. Improved README
@amir9339
Owner
