The Docker doc spells out that there are security concerns of adding a user to the docker group. Unfortunately, they do not precisely give what the concern is. I guess that is a "security-by-obscurity" approach trying to avoid bad things. Practice show this isn't useful: the bad guys know anyways, and the casual user has a bad time understanding the actual risk involved.
It is considerable, so let me explain at least one risk (I have not tried exhaustively check security issues): The containers are usually defined to run as root user. This permits you to bypass permission checks on the host.
Let’s assume a $USER is inside the docker group and otherwise has just installed docker. So he can run
$ docker run -v/etc:/malicious -ti --rm alpine
# cd /malicious
# vi sudoers
.... edit, write ...
# ctl-D
As such, the user can modify system config that he could not access otherwise. It’s a real risk. If you have a one-person “personal” machine/VM where the user has sudo permissions in any case … I’d say it’s no real issue.
The story is a different one on e.g. a CI machine. It's easy to inject bad code into public pull requests, and so it'll run on the CI platform. Usually (before spectre/meltdown...), this was guarded by the (low) permissions of the CI worker user (if you run CI with a sudo-enabled user ... nothing changed). When you enable it to use docker, you now get this new class of attack vector. Don't get me wrong: I do NOT advocate against using docker in CI. Right the opposite, it's an excellent tool there. I just want to make you aware that you need to consider and mitigate another attack vector.
The post docker group security risk appeared first on Security Boulevard.
from docker group security risk
No comments:
Post a Comment