<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Docker on LEIKAH</title><link>https://leikah.haoyingcao.xyz/en/tags/docker/</link><description>Recent content in Docker on LEIKAH</description><generator>Hugo</generator><language>en</language><atom:link href="https://leikah.haoyingcao.xyz/en/tags/docker/index.xml" rel="self" type="application/rss+xml"/><item><title>Privileged Groups</title><link>https://leikah.haoyingcao.xyz/en/docs/priv_esc/linux/permission/priv_groups/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://leikah.haoyingcao.xyz/en/docs/priv_esc/linux/permission/priv_groups/</guid><description>&lt;p&gt;Certain groups give their members high privileges that can be abused to obtain root access on the host. Below are some examples:&lt;/p&gt;
&lt;h2 id="lxclxd"&gt;LXC/LXD&lt;a class="td-heading-self-link" href="#lxclxd" aria-label="Heading self-link"&gt;&lt;/a&gt;&lt;/h2&gt;
&lt;p&gt;LXD is similar to Docker and is Ubuntu&amp;rsquo;s container manager. Upon installation, all users are added to the LXD group.&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" style="color:#d8dee9;background-color:#2e3440;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"&gt;&lt;code class="language-shell-session" data-lang="shell-session"&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;devops@NIX02:~$ id
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;uid=1009(devops) gid=1009(devops) groups=1009(devops),110(lxd)
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;Membership in the LXD group can be used to escalate privileges by creating an LXD container, making it privileged, and then accessing the host file system at &lt;code&gt;/mnt/root&lt;/code&gt;.&lt;/p&gt;</description></item></channel></rss>