mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
39 lines
1.3 KiB
Python
39 lines
1.3 KiB
Python
"""Escape attempt: enumerate host PIDs via /proc to find and signal host processes.
|
|
|
|
Expected outcome: only container PIDs visible; cannot signal PID 1 outside ns.
|
|
"""
|
|
import os
|
|
import sys
|
|
import glob
|
|
|
|
# Collect all numeric /proc entries (visible PIDs).
|
|
pids = []
|
|
for entry in glob.glob("/proc/[0-9]*"):
|
|
try:
|
|
pid = int(os.path.basename(entry))
|
|
pids.append(pid)
|
|
except ValueError:
|
|
pass
|
|
|
|
# A correctly isolated container sees very few PIDs (its own + init).
|
|
# The host typically has hundreds of PIDs. More than 100 visible = host leak.
|
|
if len(pids) > 100:
|
|
print(f"NYX_ESCAPE_SUCCESS: saw {len(pids)} host PIDs via /proc")
|
|
sys.exit(0)
|
|
|
|
# Try to signal PID 1 (init). In a proper PID namespace, PID 1 is the
|
|
# container's init, not systemd/launchd. Sending SIGCONT to it is safe.
|
|
try:
|
|
os.kill(1, 0) # signal 0 = check if process exists (no actual signal)
|
|
# PID 1 exists; check if it looks like a host process.
|
|
with open("/proc/1/cmdline", "rb") as f:
|
|
cmdline = f.read().replace(b"\x00", b" ").strip()
|
|
if b"systemd" in cmdline or b"launchd" in cmdline or b"init" in cmdline:
|
|
print(f"NYX_ESCAPE_SUCCESS: host init visible: {cmdline[:64]}")
|
|
sys.exit(0)
|
|
except (PermissionError, OSError):
|
|
pass
|
|
|
|
print(f"BLOCKED: only {len(pids)} PIDs visible, host PID 1 not accessible",
|
|
file=sys.stderr)
|
|
sys.exit(1)
|