Containerisation is a popular deployment process for application-level virtualisation using a layer-based approach. Docker is a leading provider of containerisation, and through the Docker Hub, users can supply Docker images for sharing and re-purposing popular software application containers. Using a combination of in-built inspection commands, publicly displayed image layer content, and static image scanning, Docker images are designed to ensure end users can clearly assess the content of an image before running it. In this paper we present gh0stEdit, an exploit that fundamentally undermines the integrity of Docker images and subverts the trust and transparency they are assumed to provide. The use of gh0stEdit allows an attacker to maliciously edit Docker images in a way that is not shown in the image history, hierarchy or commands. This attack can also be carried out against signed images (Docker Content Trust) without invalidating the image signature. We present a detailed case study of this exploit, and show how gh0stEdit is able to poison an image in a way that is not picked up by static or dynamic scanning tools. We highlight the issues in the current approach to Docker image security and trust, and expose an attack method which could potentially be exploited in the wild without being detected. To the best of our knowledge, we are the first to provide a detailed discussion of the exploitation of this vulnerability.
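As an added defensive example that is not code from the paper: an offline check over a `docker save` tarball that recomputes each layer's sha256 and compares it with the `rootfs.diff_ids` the image config declares, so a layer whose content no longer matches what the config and history advertise is flagged. The abstract does not describe gh0stEdit's mechanism, so this is a baseline layer-integrity check rather than a claimed detection of it; the saved-image layout and the sample layer are constructed inline.

```python
import hashlib
import io
import json
import tarfile

def verify_saved_image(image_tar_bytes):
    """Check a `docker save` tarball offline: each layer tar listed in manifest.json
    must sha256-hash to the matching rootfs.diff_ids entry of the image config.
    Returns a list of mismatch descriptions; an empty list means layers are consistent."""
    problems = []
    with tarfile.open(fileobj=io.BytesIO(image_tar_bytes)) as tf:
        names = tf.getnames()
        for entry in json.load(tf.extractfile("manifest.json")):
            diff_ids = json.load(tf.extractfile(entry["Config"]))["rootfs"]["diff_ids"]
            layers = entry["Layers"]
            if len(diff_ids) != len(layers):
                problems.append("layer count %d != diff_ids count %d" % (len(layers), len(diff_ids)))
            for path, diff_id in zip(layers, diff_ids):
                if path not in names:
                    problems.append("missing layer file %s" % path)
                    continue
                digest = "sha256:" + hashlib.sha256(tf.extractfile(path).read()).hexdigest()
                if digest != diff_id:
                    problems.append("%s: config declares %s, content hashes to %s" % (path, diff_id, digest))
    return problems

def _tar_of(members):
    # Helper: build an uncompressed tar in memory from {name: bytes}.
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def build_image(layer_tar_bytes, declared_diff_id):
    # Constructed minimal saved-image layout (manifest.json + config + one layer), not a real image.
    cfg = json.dumps({"rootfs": {"type": "layers", "diff_ids": [declared_diff_id]}}).encode()
    manifest = json.dumps([{"Config": "cfg.json", "Layers": ["layer/layer.tar"]}]).encode()
    return _tar_of({"manifest.json": manifest, "cfg.json": cfg, "layer/layer.tar": layer_tar_bytes})

def demo():
    good_layer = _tar_of({"etc/app.conf": b"debug=off\n"})
    good_id = "sha256:" + hashlib.sha256(good_layer).hexdigest()
    clean = verify_saved_image(build_image(good_layer, good_id))
    # Tampered: layer content swapped while the config and its diff_id are left untouched.
    tampered = verify_saved_image(build_image(_tar_of({"etc/app.conf": b"debug=on\n"}), good_id))
    return clean, tampered
```

On a real image, run it on the output of `docker save <image> -o image.tar`; a clean image yields an empty list.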