New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Issue] Docker containers' processes run as root #100
Comments
since there are no complex entry points, it should be trivial to set uid/gid manually when starting the container |
Maybe updating readme with note about setting uid/gid when starting the container would be enough? |
@stek29 if you are going to suggest how to update the readme I'm happy to do it (you can do as well opening a PR) |
That's total nonsense. A Docker image should not be insecure by default. It's considered a best practice to avoid running as root when it's totally unneeded. You can always override the uid/gid, but that's nothing you should have to do to make using a Docker image safe. Docker environments aren't as isolated as, say, a VM. root can do a lot of harm, even from a container. Implementing what I suggested is really trivial and increases safety a lot. I would've done it months ago. However, I've never seen a reply like, "ok, let's do it" or "would you be willing to do it". https://engineering.bitnami.com/articles/why-non-root-containers-are-important-for-security.html Running as root is only ever a good idea if a tool is specifically meant for that and implements the right protection measures. I'm thinking about apache2, which drops privileges properly for worker processes, or special init daemons that also do this right. Random software should never be run as root for no reason. This applies outside Docker images just like it applies inside them. |
please, @TheAssassin keep it respectful :) feel free to open a PR, I'm sorry you were expecting a confirmation for this on my side. If I knew you were I would have given when you opened the issue :) |
How do you call nonsense nonsense otherwise? I'm not a fan of seeing security concerns not taken seriously or, worse, calling it a user's problem. Blaming the user is always easier than solving an issue properly. This is not a matter of preference or opinion anyway. The principle of least privilege is well established in IT security. I'll file a PR soon-ish. |
(This is the proposal mentioned in #85 (comment).)
At the moment, the processes in the Docker containers run as root. This is a security problem, as Docker's isolation is not perfect and there's a lot of exploits that could make a root user break out of the container (it's way less of an issue for some random users which are ideally not existing on the host system).
Some links I picked up quite some while ago:
I don't have the time to fix and test this right now. PRs welcome, I guess.
Some drawbacks I experienced earlier which I don't want to withhold (might be useful for the person creating the fix):
(If I should remember any other ones, I'll post them here.)
You can make it easier for anyone if you pick a very high user ID for the Docker container processes, anything above 10000 should suffice.
The text was updated successfully, but these errors were encountered: