- What is timemachine?
=timemachine= is a tool that automatically creates a Docker image of a Debian base
system at a specific time in the past.
- Why do we need timemachine?
=timemachine= is used to reproduce security vulnerabilities. Reproducing one
requires a system that has a specific package version, e.g., the vulnerable
=glibc 2.9= in CVE-2015-7547, and, more importantly, matching versions of its
dependencies. However, the current Debian package repositories are always
up to date, e.g., they contain the patched version of =glibc=.
- How does it work?
=timemachine= uses Debian's =debootstrap= utility to create a Docker image of
a base Debian system at a specific time in the past, e.g., 20151231, such that
the base system contains the vulnerable version of a specific package, e.g.,
=glibc 2.9=. To make sure the dependencies of the package are consistent, the
base system is configured to fetch them from a Debian snapshot repository.
=timemachine= can run on any host that supports Docker.
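
The mapping from a distribution and date to a snapshot mirror, as an added example that is not timemachine's own code. The function names and the =./rootfs= target are hypothetical; the URL layout is taken from the =sources.list= line shown at the end of this README. Because the generator container runs with =--privileged=, both inputs are validated before they are placed in any command line.

```shell
#!/bin/sh
# Added example (not timemachine's code). Function names are hypothetical;
# the URL layout comes from the sources.list line shown in this README.
SNAPSHOT_BASE="http://snapshot.debian.org/archive/debian"

# Accept only the distributions the README lists.
valid_dist() {
    case "$1" in
        jessie|wheezy|squeeze|lenny) return 0 ;;
        *) return 1 ;;
    esac
}

# Accept only YYYYMMDD with a plausible month and day (no shell metacharacters).
valid_date() {
    case "$1" in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    mm=${1#????}; mm=${mm%??}; dd=${1#??????}
    case "$mm" in 0[1-9]|1[0-2]) ;; *) return 1 ;; esac
    case "$dd" in 0[1-9]|[12][0-9]|3[01]) ;; *) return 1 ;; esac
}

# Snapshot mirror as it stood at midnight UTC on the given date.
snapshot_url() {
    valid_date "$1" || { echo "bad date: $1" >&2; return 1; }
    printf '%s/%sT000000Z\n' "$SNAPSHOT_BASE" "$1"
}

# sources.list entry that pins the image to that snapshot.
sources_line() {
    valid_dist "$1" || { echo "unknown distribution: $1" >&2; return 1; }
    url=$(snapshot_url "$2") || return 1
    printf 'deb %s %s main\n' "$url" "$1"
}

# Print (not run) the debootstrap call: SUITE TARGET MIRROR.
debootstrap_cmd() {
    valid_dist "$1" || { echo "unknown distribution: $1" >&2; return 1; }
    url=$(snapshot_url "$2") || return 1
    printf 'debootstrap %s ./rootfs %s\n' "$1" "$url"
}

# apt setting usually needed with old snapshots, whose Release metadata may
# have passed its Valid-Until date; it relaxes a freshness check, so keep it
# confined to the throwaway reproduction image.
apt_conf_line() { printf 'Acquire::Check-Valid-Until "false";\n'; }
```

Source the file and call, for example, =sources_line jessie 20151231= to print the pinned entry.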
** Generate a Docker image of a base Debian system
Three required parameters are:
- Output directory on the host holding the generated Docker image, e.g., =/tmp/timemachine=
- Debian distribution such as =jessie, wheezy, squeeze, lenny=
- Date in YYYYMMDD format, e.g., =20151231=
#+BEGIN_EXAMPLE
$ docker run -t --rm --privileged \
-v /tmp/timemachine/:/tmp/timemachine/ \
Image created! Import by: docker import /tmp/timemachine/jessie-20151231.tar jessie:20151231
#+END_EXAMPLE
The resulting Docker image =jessie-20151231.tar= is stored in a mounted
directory on the host, e.g., =/tmp/timemachine=. Note: if you need to change the output
directory on the host, use the =-v= flag as follows: =-v <output dir on the host>:/tmp/timemachine/= (don't modify the part after the colon!).
** Import the image into Docker
#+BEGIN_EXAMPLE
$ docker import /tmp/timemachine/jessie-20151231.tar jessie:20151231
#+END_EXAMPLE
** Run the created image
#+BEGIN_EXAMPLE
$ docker run -ti jessie:20151231 cat /etc/apt/sources.list
deb http://snapshot.debian.org/archive/debian/20151231T000000Z jessie main
#+END_EXAMPLE
Phuong Cao <pcao3 at illinois dot edu>