The outside the box thinking this requires amazing.
Fixed it for you
The outside the container thinking this requires amazing.
This is my new favourite Priv esc.
Can somebody eli5 this to a luddite please?
Imagine there is a safe in your house. You ask your butler to update your documents that are inside the safe, but you forgot that the butler doesn’t have the key. Instead of asking you for the key, the butler builds a dollhouse, puts a tiny safe inside the dollhouse, and then does some magic to bind the fates of the dollhouse safe and the real safe together. The butler then opens the dollhouse safe using the dollhouse key, and updates the tiny dollhouse documents, which causes the real documents in the real safe to update as well. This causes you great consternation.
Great explanation. The vintage imagery deserves the Luddite Seal of Approval. If you are not a teacher you might consider becoming one.
Docker by default needs root to spawn containers. You can configure it to be rootless but most deployments I see are just root.
Heck you can even get a root shell escalation if you know what you’re doing: https://gtfobins.org/gtfobins/docker/
Sure. So we don’t know the original question but we can see that changes were made to SDDM, which is basically your login screen. So the original request was probably something like “Can you change my login screen to do something cool?”
Now, the configuration for the login screen is located in
/etcand requires administrative privileges to change.The query was run by the user account and not an admin account. Typically to run something as admin you use the command
sudowhich will interactively ask for a password and then, if allowed, you can run the command as an admin.However the tool
docker, in order to function properly, has the ability to run commands as administrator and won’t prompt for a password.So basically what happened here is instead of asking for a key to unlock the front door to your house, it installed a new door on the second floor, went through that door, rearranged your refrigerator, went back out the door it created, and then patched up the hole perfectly.
The docker command doesn’t have to allow you to run commands as administrator to function properly. You can simply leave the docker group empty and run docker commands via sudo. Using the docker group is essentially equivalent to enabling passwordless sudo as far as security is concerned.
That’s fair. So it’s more like you already have a door on the second floor, that door is unlocked, and a ladder in your garage.
In this case the LLM knows about the ladder, but you forgot about it because you’re talking about the fridge on the first floor.
enabling passwordless sudo
This is the way. Physical security FTW.
And is this an actual thing that is possible to do? It seems relevant to a philosophical issue I’ve been thinking about for a while: every security layer (in computing, but suspect that it goes back further to the first time somebody built a wall of sticks and rocks) adds additional problems or possible break-in points that are then patched with more security layers on top. I’m however not an IT person (call me semi-IT as I translate IT-related documents) and don’t want to jump to conclusions. But from my tech-adjacent viewpoint that’s what it looks like - are we just heaping bullshit on top of more bullshit and creating something too complex to be manageable anymore?
that’s why I love podman, systemd integration and runs everything in userland by default no need for sudoers configuration.
unfortunately I still need docker on my machine for remote contexts.
Is this real? Wanna read more!
it’s definitely a real thing you can do using docker, but don’t have the larger context of how it came to this :)
Oh good lord
