{"id":101093,"date":"2019-11-19T22:35:22","date_gmt":"2019-11-20T06:35:22","guid":{"rendered":"https:\/\/unit42.paloaltonetworks.com\/?p=101093\/"},"modified":"2019-11-19T22:35:22","modified_gmt":"2019-11-20T06:35:22","slug":"docker-patched-the-most-severe-copy-vulnerability-to-date-with-cve-2019-14271","status":"publish","type":"post","link":"https:\/\/unit42.paloaltonetworks.com\/ja\/docker-patched-the-most-severe-copy-vulnerability-to-date-with-cve-2019-14271\/","title":{"rendered":"Docker\u3001\u3053\u308c\u307e\u3067\u3067\u6700\u3082\u6df1\u523b\u306a cp \u30b3\u30de\u30f3\u30c9\u306e\u8106\u5f31\u6027CVE-2019-14271\u3092\u4fee\u6b63"},"content":{"rendered":"

\u6982\u8981<\/h2>\n

\u3053\u3053\u6570\u5e74\u3001Docker\u3001Podman\u3001Kubernetes\u3092\u542b\u3080\u3055\u307e\u3056\u307e\u306a\u30b3\u30f3\u30c6\u30ca\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u3067\u3001copy\u30b3\u30de\u30f3\u30c9(cp)\u306e\u8106\u5f31\u6027\u304c\u8907\u6570\u78ba\u8a8d\u3055\u308c\u3066\u304d\u307e\u3057\u305f\u3002\u305d\u308c\u3089\u306e\u4e2d\u3067\u6700\u3082\u6df1\u523b\u306a\u3082\u306e\u306f\u3053\u306e7\u6708\u3068\u3044\u3046\u3054\u304f\u6700\u8fd1\u767a\u898b\u30fb\u958b\u793a\u3055\u308c\u305f\u3082\u306e\u3067\u3059\u3002\u9a5a\u304f\u3079\u304d\u3053\u3068\u306b\u3001CVE\u306e\u8aac\u660e\u5185\u5bb9\u304c\u3042\u3044\u307e\u3044\u3060\u3063\u305f\u3053\u3068\u3001\u516c\u958b\u3055\u308c\u305f\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u304c\u306a\u304b\u3063\u305f\u3053\u3068\u306a\u3069\u306e\u7406\u7531\u304b\u3089\u3001\u672c\u8106\u5f31\u6027\u306f\u516c\u958b\u76f4\u5f8c\u306b\u306f\u307b\u3068\u3093\u3069\u6ce8\u610f\u3092\u5f15\u304d\u307e\u305b\u3093\u3067\u3057\u305f\u3002<\/p>\n

\u3057\u304b\u3057\u306a\u304c\u3089\u3001CVE-2019-14271<\/a>\u304c\u653b\u6483\u8005\u306b\u60aa\u7528\u3055\u308c\u305f\u5834\u5408\u3001Docker\u306e\u5b9f\u88c5\u3059\u308bcp\u30b3\u30de\u30f3\u30c9\u306f\u3001\u5b8c\u5168\u306a\u30b3\u30f3\u30c6\u30ca\u30d6\u30ec\u30a4\u30af\u30a2\u30a6\u30c8<\/strong>\u306b\u3064\u306a\u304c\u308a\u3046\u308b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4e0a\u306e\u554f\u984c\u3092\u5f15\u304d\u8d77\u3053\u3057\u307e\u3059\u3002\u3053\u306e\u8106\u5f31\u6027\u306f\u30012\u6708\u306b\u767a\u898b\u3055\u308c\u305frunC<\/a>\u8106\u5f31\u6027<\/a>\u4ee5\u964d\u3067\u521d\u3081\u3066\u306e\u5b8c\u5168\u306a\u30b3\u30f3\u30c6\u30ca\u30d6\u30ec\u30a4\u30af\u30a2\u30a6\u30c8\u3067\u3059\u3002<\/p>\n

\u3053\u306e\u8106\u5f31\u6027\u304c\u60aa\u7528\u3055\u308c\u308b\u306b\u3042\u305f\u3063\u3066\u306e\u524d\u63d0\u6761\u4ef6\u3068\u306a\u308b\u306e\u304c\u3001\u5bfe\u8c61\u306e\u30b3\u30f3\u30c6\u30ca\u304c\u3059\u3067\u306b\u5225\u306e\u653b\u6483(\u4ed6\u306e\u8106\u5f31\u6027\u3084\u6f0f\u3048\u3044\u3057\u305f\u79d8\u5bc6\u306a\u3069)\u306b\u3088\u3063\u3066\u4fb5\u5bb3\u6e08\u307f\u3067\u3042\u308b\u3053\u3068\u3001\u3042\u308b\u3044\u306f\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u4fe1\u983c\u3067\u304d\u306a\u3044\u30bd\u30fc\u30b9(\u30ec\u30b8\u30b9\u30c8\u30ea\u305d\u306e\u307b\u304b)\u304b\u3089\u306e\u60aa\u610f\u306e\u3042\u308b\u30b3\u30f3\u30c6\u30ca\u30a4\u30e1\u30fc\u30b8\u3092\u5b9f\u884c\u3057\u3066\u3044\u308b\u3053\u3068\u3067\u3059\u3002\u3053\u308c\u3089\u306e\u6761\u4ef6\u4e0b\u3067\u30e6\u30fc\u30b6\u30fc\u304c\u8106\u5f31\u306acp\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u3066\u4fb5\u5bb3\u6e08\u307f\u30b3\u30f3\u30c6\u30ca\u304b\u3089\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3059\u308b\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u305f\u5834\u5408\u3001\u653b\u6483\u8005\u306f\u30b3\u30f3\u30c6\u30ca\u3068\u30db\u30b9\u30c8\u306e\u5206\u96e2\u5236\u9650\u3092\u56de\u907f\u3057\u3001\u5f53\u8a72\u30b3\u30f3\u30c6\u30ca\u3092\u5b9f\u884c\u3059\u308b\u30db\u30b9\u30c8\u3068\u540c\u30db\u30b9\u30c8\u5185\u306e\u4ed6\u306e\u3059\u3079\u3066\u306e\u30b3\u30f3\u30c6\u30ca\u306e\u5b8c\u5168\u306aroot\u5236\u5fa1\u3092\u53d6\u5f97\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n

CVE-2019-14271\u306f\u300cCritical (\u6df1\u523b)\u300d\u3068\u8a55\u4fa1\u3055\u308c\u3066\u304a\u308a\u3001Docker\u30d0\u30fc\u30b8\u30e7\u30f319.03.1<\/a>\u3067\u4fee\u6b63\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u672c\u7a3f\u3067\u306fCVE-2019-14271\u306e\u6982\u8981\u3068\u672c\u8106\u5f31\u6027\u306b\u3064\u3044\u3066\u306f\u521d\u3068\u306a\u308b\u6982\u5ff5\u5b9f\u8a3c(PoC)\u306b\u3064\u3044\u3066\u8003\u5bdf\u3057\u307e\u3059\u3002<\/p>\n

\u3053\u3053\u306e\u3068\u3053\u308d\u3001\u7b46\u8005\u3068Ariel Zelivansky\u306f\u3001\u4e3b\u8981\u306a\u30b3\u30f3\u30c6\u30ca\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u306b\u304a\u3051\u308bcopy\u30b3\u30de\u30f3\u30c9\u306e\u8106\u5f31\u6027\u6025\u5897\u3092\u305f\u3093\u306d\u3093\u306b\u8ffd\u8de1\u8abf\u67fb\u3057\u3066\u304d\u307e\u3057\u305f\u3002\u79c1\u305f\u3061\u306f\u3053\u306e\u8abf\u67fb\u7d50\u679c<\/a>\u30922019\u5e7411\u670820\u65e5\u306b\u30b5\u30f3\u30c7\u30a3\u30a8\u30b4\u3067\u958b\u50ac\u3055\u308c\u308bKubeCon<\/a> + CloudNativeCon 2019<\/a>\u3067\u767a\u8868\u3059\u308b\u4e88\u5b9a\u3067\u3059 (\u8a33\u6ce8: \u7c73\u56fd\u6642\u9593)\u3002\u79c1\u305f\u3061\u306f\u3001\u904e\u53bb\u306e\u8106\u5f31\u6027\u3001\u3055\u307e\u3056\u307e\u306a\u5b9f\u88c5\u3001\u305d\u3057\u3066\u3053\u306e\u6bd4\u8f03\u7684\u5358\u7d14\u306a\u30b3\u30de\u30f3\u30c9\u306e\u5b9f\u88c5\u304c\u306a\u305c\u9a5a\u304f\u307b\u3069\u96e3\u3057\u3044\u306e\u304b\u3001\u305d\u306e\u6839\u672c\u7684\u306a\u7406\u7531\u306b\u3064\u3044\u3066\u8abf\u67fb\u3092\u3057\u3066\u304d\u307e\u3057\u305f\u3002\u672c\u8abf\u67fb\u306b\u53d6\u308a\u7d44\u3080\u305f\u3081\u306b\u30d3\u30eb\u30c9\u3057\u305f\u30af\u30fc\u30eb\u306a\u65b0\u3057\u3044\u30ab\u30fc\u30cd\u30eb\u6a5f\u80fd\u306b\u3064\u3044\u3066\u3082\u8aac\u660e\u3057\u3066\u3044\u307e\u3059\u306e\u3067\u3001\u30b3\u30f3\u30c6\u30ca\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306b\u95a2\u5fc3\u304c\u3042\u308b\u304b\u305f\u306f\u305c\u3072\u30c1\u30a7\u30c3\u30af\u3057\u3066\u307f\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n

docker cp\u30b3\u30de\u30f3\u30c9<\/h2>\n

\u30b3\u30d4\u30fc\u30b3\u30de\u30f3\u30c9\u3092\u4f7f\u3046\u3068\u3001\u30db\u30b9\u30c8-\u30b3\u30f3\u30c6\u30ca\u9593\u3001\u307e\u305f\u306f\u30b3\u30f3\u30c6\u30ca-\u30b3\u30f3\u30c6\u30ca\u9593\u3067\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002\u305d\u306e\u69cb\u6587\u306f\u6a19\u6e96\u7684\u306aUnix\u306ecp\u30b3\u30de\u30f3\u30c9\u3068\u3088\u304f\u4f3c\u3066\u3044\u307e\u3059\u3002\u305f\u3068\u3048\u3070\u3001\/var\/logs\u3092\u30b3\u30f3\u30c6\u30ca\u304b\u3089\u629c\u304d\u51fa\u3057\u3066\u30b3\u30d4\u30fc\u3059\u308b\u306a\u3089\u3001\u305d\u306e\u69cb\u6587\u306f<\/p>\n

docker cp container_name:\/var\/logs \/some\/host\/path <\/span><\/p>\n

\u3068\u306a\u308a\u307e\u3059\u3002<\/p>\n

\u4e0b\u306e\u56f3\u304b\u3089\u3082\u308f\u304b\u308b\u3068\u304a\u308a\u3001\u30b3\u30f3\u30c6\u30ca\u304b\u3089\u629c\u304d\u51fa\u3057\u305f\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3059\u308b\u3055\u3044\u3001Docker\u306fdocker-tar\u3068\u547c\u3070\u308c\u308b\u30d8\u30eb\u30d1\u30fc\u30d7\u30ed\u30bb\u30b9\u3092\u4f7f\u3044\u307e\u3059\u3002<\/p>\n

\"\u56f31<\/a>
\u56f31 \u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30f3\u30c6\u30ca\u304b\u3089\u30b3\u30d4\u30fc\u3057\u3066\u3044\u308b\u3068\u3053\u308d\u3002ps\u30b3\u30de\u30f3\u30c9\u3067\u78ba\u8a8d\u3059\u308b\u3068docker-tar\u304c\u30d8\u30eb\u30d1\u30fc\u30d7\u30ed\u30bb\u30b9\u3068\u3057\u3066\u4f7f\u308f\u308c\u3066\u3044\u308b<\/figcaption><\/figure>\n

docker-tar\u306f\u3001\u5bfe\u8c61\u30b3\u30f3\u30c6\u30ca\u306bchroot\u3059\u308b(\u4e0b\u56f3\u53c2\u7167)\u3001\u8981\u6c42\u3055\u308c\u305f\u30d5\u30a1\u30a4\u30eb\u3068\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u30a2\u30fc\u30ab\u30a4\u30d6\u3059\u308b\u3001\u30a2\u30fc\u30ab\u30a4\u30d6\u3055\u308c\u305ftar\u30d5\u30a1\u30a4\u30eb\u3092Docker\u30c7\u30fc\u30e2\u30f3\u306b\u8fd4\u3057\u3066\u30db\u30b9\u30c8\u4e0a\u306e\u5bfe\u8c61\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306b\u5c55\u958b\u3057\u3066\u3082\u3089\u3046\u3001\u3068\u3044\u3046\u6d41\u308c\u3067\u52d5\u4f5c\u3057\u307e\u3059\u3002<\/p>\n

\"\u56f32<\/a>
\u56f32 docker-tar\u3067\u30b3\u30f3\u30c6\u30ca\u306bchroot\u3057\u305f\u3068\u3053\u308d<\/figcaption><\/figure>\n

chroot\u3092\u884c\u3046\u4e3b\u306a\u7406\u7531\u306f\u3001\u30db\u30b9\u30c8\u30d7\u30ed\u30bb\u30b9\u304c\u30b3\u30f3\u30c6\u30ca\u4e0a\u306e\u30d5\u30a1\u30a4\u30eb\u306b\u30a2\u30af\u30bb\u30b9\u3057\u3088\u3046\u3068\u3057\u305f\u3068\u304d\u306b\u767a\u751f\u3057\u3046\u308bsymlink(\u30b7\u30f3\u30dc\u30ea\u30c3\u30af\u30ea\u30f3\u30af)\u306e\u554f\u984c\u3092\u56de\u907f\u3059\u308b\u3053\u3068\u306b\u3042\u308a\u307e\u3059\u3002symlink\u306e\u554f\u984c\u3068\u306f\u3001\u30a2\u30af\u30bb\u30b9\u3057\u305f\u30d5\u30a1\u30a4\u30eb\u306e\u306a\u304b\u306bsymlink\u304c\u542b\u307e\u308c\u3066\u3044\u308b\u3068\u3001\u305d\u308c\u304c\u30db\u30b9\u30c8\u5074\u306e\u30eb\u30fc\u30c8\u306b\u8aa4\u3063\u3066\u89e3\u6c7a\u3055\u308c\u3066\u3057\u307e\u3046\u53ef\u80fd\u6027\u304c\u3042\u308b\u3001\u3068\u3044\u3046\u554f\u984c\u3067\u3059\u3002\u653b\u6483\u8005\u306e\u5236\u5fa1\u4e0b\u306b\u3042\u308b\u30b3\u30f3\u30c6\u30ca\u306e\u5834\u5408\u3001\u3053\u308c\u304cdocker cp<\/span>\u3092\u9a19\u3057\u3066\u30b3\u30f3\u30c6\u30ca\u3067\u306f\u306a\u304f\u30db\u30b9\u30c8\u5074\u306e\u30d5\u30a1\u30a4\u30eb\u8aad\u307f\u66f8\u304d\u3092\u3055\u305b\u308b\u7a81\u7834\u53e3\u3068\u306a\u3063\u3066\u3057\u307e\u3044\u307e\u3059\u3002\u53bb\u5e74\u3082\u3053\u306esymlink\u95a2\u9023\u306e\u554f\u984c\u3067\u8907\u6570\u306eCVE\u304cDocker<\/a>\u3068P<\/a>o<\/a>dman<\/a>\u306b\u5272\u308a\u5f53\u3066\u3089\u308c\u3066\u3044\u307e\u3057\u305f\u3002\u30b3\u30f3\u30c6\u30ca\u306e\u30eb\u30fc\u30c8\u306bchroot\u3059\u308b\u3053\u3068\u306b\u3088\u308a\u3001\u672c\u6765\u306a\u3089docker-tar\u306f\u3059\u3079\u3066\u306esymlink\u304c\u3046\u307e\u304f\u30b3\u30f3\u30c6\u30ca\u306e\u30eb\u30fc\u30c8\u306e\u4e0b\u306b\u89e3\u6c7a\u3055\u308c\u308b\u3053\u3068\u3092\u4fdd\u8a3c\u3057\u3066\u304f\u308c\u308b\u306f\u305a\u3067\u3059\u3002<\/p>\n

\u6b8b\u5ff5\u306a\u304c\u3089\u3053\u308c\u304c\u3001\u30b3\u30f3\u30c6\u30ca\u304b\u3089\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3059\u308b\u3055\u3044\u306e\u3055\u3089\u306b\u6df1\u523b\u306a\u554f\u984c\u767a\u751f\u306b\u3064\u306a\u304c\u308a\u307e\u3057\u305f\u3002<\/p>\n

CVE-2019-14271<\/h2>\n

Docker\u306fGo\u8a00\u8a9e\u3067\u66f8\u304b\u308c\u3066\u3044\u307e\u3059\u3002\u5177\u4f53\u7684\u306b\u3044\u3046\u3068\u3001\u8106\u5f31\u306a\u30d0\u30fc\u30b8\u30e7\u30f3\u306eDocker\u306fGo\u306e\u30d0\u30fc\u30b8\u30e7\u30f31.11\u3067\u30b3\u30f3\u30d1\u30a4\u30eb\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u3053\u306eGo\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u306b\u306f\u3001\u57cb\u3081\u8fbc\u307f\u306eC\u30b3\u30fc\u30c9(cgo)\u3092\u542b\u307f\u3001\u5b9f\u884c\u6642\u306b\u5171\u6709\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u52d5\u7684\u306b\u30ed\u30fc\u30c9\u3059\u308b\u30d1\u30c3\u30b1\u30fc\u30b8\u304c\u3042\u308a\u307e\u3059\u3002\u3053\u3046\u3057\u305f\u30d1\u30c3\u30b1\u30fc\u30b8\u306b\u306f\u3001docker-tar\u304c\u5229\u7528\u3059\u308bnet\u3084os\/user\u3082\u542b\u307e\u308c\u3066\u304a\u308a\u3001\u4e21\u30d1\u30c3\u30b1\u30fc\u30b8\u3068\u3082\u5b9f\u884c\u6642\u306blibnss_*.so\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u52d5\u7684\u306b\u30ed\u30fc\u30c9\u3057\u3066\u3044\u307e\u3059\u3002\u901a\u5e38\u3001\u30e9\u30a4\u30d6\u30e9\u30ea\u306f\u30db\u30b9\u30c8\u5074\u306e\u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u304b\u3089\u30ed\u30fc\u30c9\u3055\u308c\u307e\u3059\u304c\u3001docker-tar\u306e\u5834\u5408\u3001\u30b3\u30f3\u30c6\u30ca\u306bchroot\u3059\u308b\u3053\u3068\u304b\u3089\u3001\u30b3\u30f3\u30c6\u30ca\u5074\u306e\u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u304b\u3089\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u30ed\u30fc\u30c9\u3059\u308b\u3088\u3046\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002\u3064\u307e\u308a\u3001docker-tar\u306f\u300c\u30b3\u30f3\u30c6\u30ca\u5074\u3067\u751f\u6210\u30fb\u5236\u5fa1\u3057\u305f\u30b3\u30fc\u30c9\u3092\u30ed\u30fc\u30c9\u3057\u3066\u5b9f\u884c\u3059\u308b\u300d\u3068\u3044\u3046\u3053\u3068\u3067\u3059\u3002<\/p>\n

\u5206\u304b\u308a\u3084\u3059\u304f\u3044\u3048\u3070\u3001\u30b3\u30f3\u30c6\u30ca\u5074\u306e\u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u306bchroot\u3055\u308c\u308b\u3068\u3044\u3046\u70b9\u3092\u306e\u305e\u304d\u3001docker-tar\u306f\u30b3\u30f3\u30c6\u30ca\u5316\u3055\u308c\u3066\u3044\u306a\u3044\u306e\u3067\u3059\u3002\u3067\u3059\u304b\u3089docker-tar\u306f\u3001\u30db\u30b9\u30c8\u5074\u306e\u540d\u524d\u7a7a\u9593\u3067\u5b9f\u884c\u3055\u308c\u3001\u3059\u3079\u3066\u306e\u30eb\u30fc\u30c8\u6a5f\u80fd\u3092\u5099\u3048\u3001cgroups\u3084seccomp\u304b\u3089\u306e\u5236\u7d04\u3092\u53d7\u3051\u307e\u305b\u3093\u3002\u3057\u305f\u304c\u3063\u3066\u3001\u30b3\u30fc\u30c9\u3092docker-tar\u306b\u633f\u5165\u3057\u3055\u3048\u3059\u308c\u3070\u3001\u60aa\u610f\u306e\u3042\u308b\u30b3\u30f3\u30c6\u30ca\u304c\u30db\u30b9\u30c8\u3078\u306e\u5b8c\u5168\u306a\u30eb\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u6a29\u9650\u3092\u53d6\u5f97\u3067\u304d\u308b\u3053\u3068\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n

\u3053\u3053\u3067\u8003\u3048\u3089\u308c\u308b\u653b\u6483\u30b7\u30ca\u30ea\u30aa\u306f\u3001\u6b21\u306e\u3044\u305a\u308c\u304b\u306e\u74b0\u5883\u3067\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3059\u308bDocker\u30e6\u30fc\u30b6\u30fc\u3067\u3057\u3087\u3046\u3002<\/p>\n