ZizzyDizzyMC / linx-server

Self-hosted file/code/media sharing website. ~~~~~~~~~~~~~~~~~~~ Powers https://put.icu
GNU General Public License v3.0
217 stars, 33 forks

Security potential problem... #35

Closed tonyb1974 closed 1 year ago

tonyb1974 commented 1 year ago

Running as user "nobody" is not secure even if most people think so. It seems it would be better to have a linx user in a linx group with minimal rights on the whole container or host.

Please read this: https://wiki.ubuntu.com/nobody

and this:

> In many Unix variants, "nobody" is the conventional name of a user account which owns no files, is in no privileged groups, and has no abilities except those which every other user has.
>
> It is common to run daemons as nobody, especially servers, in order to limit the damage that could be done by a malicious user who gained control of them. However, the usefulness of this technique is reduced if more than one daemon is run like this, because then gaining control of one daemon would provide control of them all. The reason is that nobody-owned processes have the ability to send signals to each other and even debug each other, allowing them to read or even modify each other's memory.

at this address: https://en.wikipedia.org/wiki/Nobody_(username)

Here is the complete discussion I read first: https://askubuntu.com/questions/329714/what-is-the-purpose-of-the-nobody-user

Hope this helps. Best regards

BBaoVanC commented 1 year ago

It should make no difference because it is running inside Docker, which acts as a sandbox.

tonyb1974 commented 1 year ago

Hello, not really true I think... I have made a lot of changes since the first docker try, but it seems the mounted volumes under something like this: /var/snap/docker/common/var-lib-docker/volumes/ were owned by the user 65534 group 65534 (nobody) on the host itself... So an application running on the host as user "nobody" could eventually gain access to the volumes of some containers using the nobody user like this one... I am not a security expert but I think this could be dangerous.

Let me know if you still think it is nothing to care about. Thanks for your attention. Best regards

BBaoVanC commented 1 year ago

I see, I originally thought you were thinking of a program inside a different container also running as nobody.

If I look at /var/lib/docker/ (probably /var/snap/docker/common/var-lib-docker/ for you), I can see that the directory is owned by root, and has permissions drwx--x---, so anyone that's not root has no permissions (especially to traverse the directory, which is x). That should mean[^stackquestion] that no one is able to access anything at all that's below the Docker directory.

Although even if it still was an issue, then using a different user inside the container might still not work, because the UID in the container might coincide with a real user on the host (for example, uid 1000 was used for the user in one of my containers, but that corresponds to my actual personal user on my host).

[^stackquestion]: See this answer: https://unix.stackexchange.com/a/13891/525130
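The traversal argument in the comment above can be checked on a real host. The following is an added example, not part of the thread or of linx-server: it walks every directory leading to a file and reports the first one a given uid cannot search. It assumes plain Unix mode bits only (no ACLs, capabilities or LSM policy), and the helper names are hypothetical.

```python
import os
import stat

NOBODY = 65534  # uid/gid reported on the volume files in this thread


def can_traverse(mode, owner_uid, owner_gid, uid, gids):
    """True if uid (with group ids gids) may search a directory.

    Exactly one permission class applies: owner, else group, else other.
    Assumption: ACLs, capabilities and LSM policy are not considered.
    """
    if uid == 0:
        return True  # root bypasses discretionary permission checks
    if uid == owner_uid:
        return bool(mode & stat.S_IXUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)


def first_blocking_dir(path, uid, gids, base="/"):
    """Return the first directory between base and path that uid cannot
    traverse, or None if every directory on the way is searchable."""
    target = os.path.dirname(os.path.abspath(path))
    base = os.path.abspath(base)
    rel = os.path.relpath(target, base)
    dirs = [base]
    for part in ([] if rel == "." else rel.split(os.sep)):
        dirs.append(os.path.join(dirs[-1], part))
    for d in dirs:
        st = os.stat(d)
        if not can_traverse(st.st_mode, st.st_uid, st.st_gid, uid, gids):
            return d
    return None


if __name__ == "__main__":
    import sys
    # Hypothetical usage: python3 check_reach.py /path/to/volume/_data/file
    blocked = first_blocking_dir(sys.argv[1], NOBODY, [NOBODY])
    print("blocked at", blocked if blocked else "no directory on the path")
```

Run it as root so every directory on the path can be inspected. A result of `None` only means the directory chain is open; the file's own mode bits still decide whether it can be read.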

tonyb1974 commented 1 year ago

Ok, thanks for your answer and reference document. ;-) Seems ok then. I'll close the issue then. Best regards