DistributedTaskScheduling / JobAdder

Source code of the JobAdder project
GNU General Public License v3.0

Mount points insecure #202

Open JohannesGaessler opened 4 years ago

JohannesGaessler commented 4 years ago

Mount points are currently insecure because there are no restrictions on what users can mount in their container. Mount points should be restricted to the user's home directory and a whitelist provided by the server.

fklemme commented 4 years ago

I'm not sure if this is a problem, as the user cannot specify docker arguments and thus cannot force the container to run as the root user.

So this is bad:

```
docker run -v /root:/forbidden ubuntu bash -c "id; touch /forbidden/thing; ls /forbidden"
uid=0(root) gid=0(root) groups=0(root)
thing
```

But this is fine:

```
docker run --user "$(id -u):$(id -g)" -v /root:/forbidden ubuntu bash -c "id; touch /forbidden/thing; ls /forbidden"
uid=1000 gid=1000 groups=1000
touch: cannot touch '/forbidden/thing': Permission denied
ls: cannot open directory '/forbidden': Permission denied
```

And I believe the process is also running as that user from the host's perspective. I'm not sure, though, what happens if the container has sudo installed, i.e. whether the process will become owned by root on the host if the user does sudo on the inside.
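
One way to implement the restriction proposed in the issue (mounts limited to the user's home directory plus a server-provided whitelist), as an added example that is not part of the thread or of JobAdder's code. The function name `resolve_mount` and the directory layout in `demo` are assumptions constructed for illustration.

```python
import os
import tempfile


def _is_within(path, root):
    """True if path equals root or lies beneath it (both already resolved)."""
    return os.path.commonpath([path, root]) == root


def resolve_mount(source, home, allowlist):
    """Return the resolved host path if it may be bind-mounted, else None.

    Resolving first means '..' segments and symlinks cannot point the
    mount outside the user's home directory or the server's allowlist.
    """
    if not os.path.isabs(source):
        return None  # a relative path would depend on the server's cwd
    resolved = os.path.realpath(source)
    roots = [os.path.realpath(p) for p in [home, *allowlist]]
    return resolved if any(_is_within(resolved, r) for r in roots) else None


def demo():
    """Evaluate constructed mount requests against a temporary directory tree."""
    with tempfile.TemporaryDirectory() as base:
        home = os.path.join(base, "home", "alice")
        shared = os.path.join(base, "srv", "datasets")  # server allowlist entry
        secret = os.path.join(base, "root")
        for d in (home, shared, secret, home + "2"):
            os.makedirs(d)
        # Symlink inside the home directory that points outside of it.
        os.symlink(secret, os.path.join(home, "link"))
        requests = {
            "home": home,
            "home_subdir": os.path.join(home, "project"),
            "allowlisted": os.path.join(shared, "imagenet"),
            "outside": secret,
            "dotdot": os.path.join(home, "..", "..", "root"),
            "symlink_escape": os.path.join(home, "link"),
            "prefix_lookalike": home + "2",
            "relative": "home/alice",
        }
        return {name: resolve_mount(path, home, [shared]) is not None
                for name, path in requests.items()}


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:18} {'allow' if allowed else 'deny'}")
```

Pass the returned resolved path to `-v` instead of the user-supplied string, so the path that was checked is the one Docker mounts.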