Docker update fact_extractor and cwe_checker #66
Cool thing. I think the changes of the installer.sh should be removed from this pull request. They are already in a separate pull request: #67
docker-compose.yml
@@ -6,5 +6,7 @@ services: | |||
- ${FIRMWARE}/:/firmware | |||
- ${LOG}/:/log | |||
- /var/run/docker.sock:/var/run/docker.sock |
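Review bot: the `/var/run/docker.sock:/var/run/docker.sock` entry at the end of this hunk hands the container the host's Docker daemon API, which is normally equivalent to root on the host, so it should carry a comment in the compose file stating which module needs it. If the socket is only needed to start helper containers, consider restricting it to the one service that does so, or putting a proxy in front of the daemon that allows only the required API calls. Removing the container afterwards does not undo anything it did through the socket.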
I am wondering if this is a security problem in our use case.
We are going to start all of our containers with --rm. So if something goes really bad we are going to destroy it afterwards.
Probably one of our Docker experts can help with this. @N0K0?
I would not call myself an expert :D This would not destroy the socket file if that is what you are wondering. The main security risk here is that the container will get access to do more or less whatever the dockerd user can (more often than not this implies root access).
Given this use case (emba as a whole) I'd think this would be okay?
Does it mean root access to the host or to other docker containers?
Basically by having access to the socket you have access to the docker daemon. Which allows you to mount up the host file system and do whatever you feel like.
It also allows complete access to all other containers.
Here is an article that goes a bit into why it might be a bad idea :)
https://secureideas.com/blog/2018/05/escaping-the-whale-things-you-probably-shouldnt-do-with-docker-part-1.html
The reason I feel that this might not be too bad is that running tools like EMBA is really not something you should do on your "regular" computer. Just like using Kali as your day-to-day OS is a bit weird.
Thanks for the link. Yes, currently we are running everything on our host as root. So, we are compromised by default if someone has a nice firmware for us. With docker in place everything would be a bit better :)
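A static check for the mount discussed in this thread, added here as an example and not part of the pull request or EMBA's code: it scans compose text and reports every service that bind-mounts the Docker socket from the host. The service names and the sample file are constructed, and the scanner assumes block-style YAML with the short or long volume syntax.

```python
import re

# Host-side paths under which the Docker daemon socket is usually exposed.
SOCKET_PATHS = ("/var/run/docker.sock", "/run/docker.sock")
# Host side of "- host:container[:mode]" or the value of "source: host".
HOST_SIDE = re.compile(r"(?:-\s*)?(?:source:\s*)?['\"]?([^'\":\s]+)")

def find_socket_mounts(compose_text):
    """Return (service, line_number, host_path) for each Docker socket bind mount."""
    findings, in_services, service, service_indent = [], False, None, None
    for number, raw in enumerate(compose_text.splitlines(), start=1):
        line = raw.split(" #", 1)[0].rstrip()          # drop trailing comments
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:                                # top-level key
            in_services, service, service_indent = stripped == "services:", None, None
            continue
        if not in_services:
            continue
        if service_indent is None or indent <= service_indent:
            if stripped.endswith(":") and not stripped.startswith("-"):
                service, service_indent = stripped[:-1], indent   # new service
            continue
        match = HOST_SIDE.match(stripped)
        if match and match.group(1) in SOCKET_PATHS:
            findings.append((service, number, match.group(1)))
    return findings

# Constructed sample: first service mirrors the volumes in the hunk above.
SAMPLE = """\
services:
  analyzer:
    build: .
    volumes:
      - ${FIRMWARE}/:/firmware
      - ${LOG}/:/log
      - /var/run/docker.sock:/var/run/docker.sock
  helper:
    build: ./helper
    volumes:
      - type: bind
        source: /var/run/docker.sock
        target: /var/run/docker.sock
"""

if __name__ == "__main__":
    for service, number, path in find_socket_mounts(SAMPLE):
        print(f"line {number}: service '{service}' mounts {path} (daemon access)")
```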
already merged
Docker container now supports more modules:
Allows for cwe-checker in docker container (CWE-checker support in docker #38)
FACT extractor can now be used in docker container (Fact_extractor support in docker #56)