If you have access to docker run you have root access on the host #1655
Comments
This was addressed in Docker 0.5.2. See #1417 and https://groups.google.com/forum/#!topic/docker-user/7j9quGgOtZQ.
Yes, the issue with the docker.sock file that allowed everyone to have root access has been fixed, but the security issue has not been fixed. A user can still break into root using docker.
There was no docker.sock issue. In Docker 0.5.2 we switched from a port to a socket that's only accessible to root and users in the docker group to address the issue you've brought up.
I am aware of this change, however I do not believe the problem has been solved (#1417 was marked Closed). With the latest build, if you are a member of the group docker you can gain root access.
This is by design.
Meanwhile, the rationale is pretty clear: only trusted users should have
I think this can be closed in favor of #1034.
Steps to reproduce:
As a restricted user that has access to docker.
You now have a shell with full root access on the host.
Proposed solution:
Docker should not run as root. Docker should have its own user/group that has very limited access. This is the approach that Apache, PostgreSQL and many others take.
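
Since the thread establishes that access to the Docker socket is root-equivalent by design, a host audit should list every account that can reach it. The following is an added example, not part of the original thread or Docker's code: it parses `/etc/group` and `/etc/passwd` style text to find all members of the `docker` group (including accounts that hold it only as their primary group) and checks the socket's mode bits. Function names and the sample data are constructed for illustration.

```python
import stat

# Constructed sample data in /etc/group and /etc/passwd format (not from the issue).
SAMPLE_GROUP = """root:x:0:
docker:x:998:alice,bob
staff:x:50:carol
"""
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1002:50::/home/carol:/bin/bash
ci:x:1003:998::/home/ci:/bin/sh
"""

def socket_group_members(group_text, passwd_text, group="docker"):
    """Return (gid, sorted users) for everyone in `group`, including
    accounts that have it as their primary group in passwd."""
    gid, members = None, set()
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[0] == group:
            gid = int(fields[2])
            members.update(u for u in fields[3].split(",") if u)
    if gid is None:
        return None, []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[3].isdigit() and int(fields[3]) == gid:
            members.add(fields[0])  # primary-group member, absent from the group line
    return gid, sorted(members)

def socket_findings(mode, owner_uid, group_gid, docker_gid):
    """Flag socket permissions wider than root plus the docker group."""
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("socket is writable by all local users")
    if owner_uid != 0:
        findings.append("socket is not owned by root")
    if mode & stat.S_IWGRP and group_gid != docker_gid:
        findings.append("socket group is not the docker group")
    return findings

if __name__ == "__main__":
    gid, users = socket_group_members(SAMPLE_GROUP, SAMPLE_PASSWD)
    print("root-equivalent via docker group:", users)
    print(socket_findings(0o660, 0, gid, gid) or "socket mode ok")
```

On a real host, feed the functions the contents of `/etc/group` and `/etc/passwd` and the `st_mode`, `st_uid` and `st_gid` from `os.stat()` on the daemon's socket; every name returned should be treated as having root on that machine.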