Sat 26 Mar 2022

Running GUI apps within Docker containers

However, what if we want to run desktop GUI apps within Docker containers to use them as components within larger systems? For example, if we run Firefox within Docker we can have an explicit separation of browser state between containers. This is beneficial for things like social media management, growth hacking (either via social media automation or manual labour done by VAs) or OSINT investigations. For example, one container would be configured with Firefox instance that uses a single dedicated mobile proxy for just one social media account. This would provide a degree of protection against social media platform cracking down on sock puppet accounts being used from single setup because traffic is kept separate for each account and cookie cross-contamination is being prevented.

Source: Running GUI apps within Docker containers.

Using the Dirty Pipe Vulnerability to Break Out from Containers

The Dirty Pipe vulnerability is a flaw in the Linux kernel that allows an unprivileged process to write to any file it can read, even if it does not have write permissions on this file. This primitive allows for privilege escalation, for instance by overwriting the /etc/passwd file with a new admin user.

Source: Using the Dirty Pipe Vulnerability to Break Out From Containers, an article by Christophe Tafani-Dereeper, Eric Mountain, Tommy McCormick, and Frederic Baguelin.