This is a proof-of-concept (PoC) exploit for the CVE-2019-5736 vulnerability in runc, the container runtime used by Docker.
I undertook this project as an exercise, for educational reasons and for fun. It should go without saying that I do not support unethical and/or illegal misuse of this code.
The vulnerability was discovered by Adam Iwaniuk and Borys Popławski and described in this blog post. Thanks for the great research!
To build a malicious container:
docker build .
Running this container will cause the host's runc binary to be overwritten with the contents of the payload file, i.e.
docker run <image_id>
The next time runc is executed on the host (e.g. when a different container is run), the host will execute your payload.
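The impact described above is an overwritten runc binary on the host, so the defensive check a practitioner wants is a file-integrity baseline for that binary. The script below is an added example and is not part of this PoC; the runc path and baseline location are assumptions and should be adjusted for the host.

```shell
#!/bin/sh
# Added example (not part of the PoC): record a SHA-256 baseline of the runc
# binary on a known-good host, then alert when the hash later changes, which
# is exactly what running the malicious container does.
# RUNC_BIN and BASELINE are assumed defaults; override them via environment.

RUNC_BIN="${RUNC_BIN:-/usr/bin/runc}"
BASELINE="${BASELINE:-/var/lib/runc-baseline.sha256}"

# file_hash FILE: print the SHA-256 hex digest, using sha256sum (coreutils)
# or shasum (BSD/macOS), whichever is available.
file_hash() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# record_baseline FILE BASELINE: store the current hash as the trusted value.
record_baseline() {
    file_hash "$1" > "$2"
}

# check_integrity FILE BASELINE: return 0 if the hash matches the baseline,
# 1 (and print an alert to stderr) if the binary has been modified.
check_integrity() {
    expected=$(cat "$2")
    actual=$(file_hash "$1")
    if [ "$expected" = "$actual" ]; then
        return 0
    fi
    echo "ALERT: $1 hash changed (expected $expected, got $actual)" >&2
    return 1
}

# Usage: ./runc-check.sh record   (once, on a known-good host)
#        ./runc-check.sh check    (periodically, e.g. from cron or a monitor)
case "${1:-}" in
    record) record_baseline "$RUNC_BIN" "$BASELINE" ;;
    check)  check_integrity "$RUNC_BIN" "$BASELINE" ;;
esac
```

Keep the baseline file somewhere the container runtime cannot write, otherwise a successful exploit could update the baseline along with the binary; package-manager verification (e.g. `rpm -V` or `debsums`) provides the same signal where runc was installed from a package.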