Docker security

From Mike's wiki
Revision as of 10:51, 4 January 2023 by Mike (talk | contribs)
Jump to navigation Jump to search

Docker is actually a major security risk on a system where you allow users to start and stop docker containers. A docker container per default uses root as the running user, and thus starting a docker container using some trickeries as a normal user, will compromise system security..

For instance if I wish to compromise system passwords, I can simply do 

mike@Server:~/docker$ docker run --rm  -v /etc:/mnt/etc/   httpd:2.4 cat /mnt/etc/shadow
root:(obfuscated by author)::0:99999:7:::
bin:*:18358:0:99999:7:::
daemon:*:18358:0:99999:7:::

This should NEVER be possible for a user to access private files, a simpilar proces could be used to create a new root user, with a known password, thus elevating a user to root user.

Thus you must remember that any memer of the "docker" group, is per defintiion now root on your system.

Retrieved from "https://wiki.ttsh.dk/index.php?title=Docker_security&oldid=6"