Unauthenticated nomad instance

[am0o0]

google/tsunami-security-scanner-plugins#687
google/tsunami-security-scanner-plugins#694

[leonardo-doyensec]

Hello @am0o0.
Thank you for contribution. Can you please implement the testbed using Docker?

Feel free to reach out
~ Leonardo (Doyensec)

[am0o0]

@leonardo-doyensec Hello 👋
Im not sure about Docker since the Nomad need to have docker installed on the system, I'm not sure how it is possible.

[leonardo-doyensec]

What about https://hub.docker.com/r/hashicorp/nomad?

[am0o0]

Ok sorry, let me check further.

[am0o0]

@leonardo-doyensec, I had to use --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:rw switches to run the Nomad. If you have any other solutions, I'd like to learn :)

[giacomo-doyensec]

Hi @am0o0, I got it working without --privileged just like this

docker run --rm -it \
  -v /sys/fs/cgroup:/sys/fs/cgroup:rw \
  -p 4646:4646 \
  hashicorp/nomad:1.10 \
  agent -dev -bind 0.0.0.0 -network-interface='{{ GetDefaultInterfaces | attr "name" }}'

Could you also provide a safe version of the testbed?
Thanks and feel free to reach out!

[am0o0]

@giacomo-doyensec I appreciate your thorough solution.

@robert-doyensec, I think this PR is ready for review now.

[robert-doyensec]

Hi @am0o0 , sorry for the confusion. I ran into issues confirming the vulnerability with the provided testbed -- it does seem necessary to use --privileged and an exposed docker mount -v /var/run/docker.sock:/var/run/docker.sock when using the docker driver. Additionally, it doesn't seem to work when running on apple silicon due to failure to get the CPU usage. Can you update the README to reflect these, and add a small warning that the container is privileged?

[robert-doyensec]

Minor changes for clarity