CVE CyberSecurity Database News

CVE-2023-0778 - How Podman’s Volume Export TOCTOU Flaw Exposes Host Files

Poster -

Podman is one of the most popular open-source container engines, widely used as an alternative to Docker. Like any complex software, it’s not immune to security holes. In early 2023, a time-of-check time-of-use (TOCTOU) vulnerability was found in Podman. This bug, tracked as CVE-2023-0778, is especially dangerous because it lets a clever attacker break out of the container and read arbitrary files from the host system—potentially grabbing SSH keys, config files, or sensitive data.

This post will explain, step-by-step, how the vulnerability works, show some exploit code, and discuss defenses. No complicated jargon—just a clear, hands-on explanation.

What is TOCTOU?

First, let’s quickly explain TOCTOU (“time-of-check to time-of-use”). It’s a type of race condition that happens when a program checks something (like a file) and then, later, does something with it—without protecting against changes in between.

In practical terms: suppose a program checks if a file is safe, but an attacker switches the file for a malicious one right after the check but before the use. This gap is where TOCTOU bugs sneak in.

The Bug: Podman’s Volume Export

Podman allows mounting volumes—folders or files from the host—into containers. Sometimes, you want to export the contents of these volumes for backup or other use. Podman offers podman volume export.

When exporting, Podman pulls the volume content from the container back onto the host. Podman tries to ensure that it deals with real files (not links) to prevent security problems.

But here’s where the TOCTOU flaw bites. Podman first checks if an item in the volume is a file or symlink. If it’s a regular file, it proceeds to use (read) it and include it in the exported archive. But nothing stops an attacker (inside the container) from swapping the file for a symlink between these steps.

If the attacker races quickly enough, they can replace the checked file with a symlink pointing to any file on the host. Podman will then happily include the *host’s* file in the exported archive!

Let’s see how this looks in practice.

Suppose Alice is running a Podman container, and inside, a (malicious) user controls a bind-mounted directory. They want to export the container’s volume to get hold of the host’s /etc/shadow file—a classic target.

Basic Exploit Steps

1. Create a regular file in the volume (say, /mnt/vol/exportme).
2. Start a race: Wait until Podman starts exporting and then quickly replace exportme with a symlink to the targeted host file (e.g., /etc/shadow).
3. Podman finishes the export and inadvertently archives the host’s /etc/shadow under the name exportme.

Example Exploit Code (inside the container)

#!/bin/bash

# Start with a regular file
touch /mnt/vol/exportme

# Wait for the file to be 'checked' by Podman, then replace with symlink
(
  sleep 1
  rm /mnt/vol/exportme
  ln -s /etc/shadow /mnt/vol/exportme
) &

# Kick off export on the host (in parallel)
# On the host: podman volume export myvolume > export.tar

wait

If the timing is right, export.tar will contain the host’s /etc/shadow disguised as exportme.

Note: Exploiting this in the real world may take several tries or require precise timing, but it is doable.

Original References

- Red Hat CVE page for CVE-2023-0778
- Podman Security Advisory
- Mitre CVE Record

Why This Matters

Containers are supposed to separate applications from the host and from each other. Bugs like this can break that separation, exposing sensitive files and secrets.

Even non-root users inside containers could exploit this unless the container is very tightly locked down.

Fixes and Mitigation

Podman fixed this by making sure that files are checked and immediately used, preventing the attacker from racing in between.

If you use Podman:  
- Update to Podman 4.4.1 or later (or the version provided by your Linux vendor with a security backport).

Don’t let untrusted users write to shared volumes.

- Use the no symlink follow update or similar hardening.

Conclusion

CVE-2023-0778 is a textbook example of how a small race window can have huge impacts on security. With the right timing, an attacker can reach outside their container and steal sensitive host files.

Always keep containers and their tools updated, watch access to shared folders, and remember: even “safe” container setups can have holes. Stay informed and stay patched!


Read more:  
- Podman volume documentation  
- Race conditions — Wikipedia

Timeline

Published on: 03/27/2023 21:15:00 UTC
Last modified on: 04/03/2023 16:59:00 UTC