amir20 / dozzle

Realtime log viewer for docker containers.
https://dozzle.dev/
MIT License

Implied security by using non-working `:ro` for `docker.sock` #3088

Closed bluepuma77 closed 3 months ago

bluepuma77 commented 3 months ago

The GitHub README.md shows this piece of code:

    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro

It implies that the docker.sock is used in read-only mode. In reality, the `:ro` only works for files, not for sockets.

The socket is like an HTTP connection: dozzle sends GET requests to the socket to get results back from the daemon, so it is used two-ways and is by no means read-only. The attack vector is that a potential hacker who gets into the dozzle container could 1) read sensitive data like credentials in env and 2) use POST to do anything with containers (kill containers, run containers to extract data, run a cryptominer, etc.).

For real limited GET and no POST functionality, a docker-socket-proxy needs to be used. But be aware that with another component, you also increase your attack surface. Make sure to trust the supplier, code and build pipeline.

My recommendation is to simply remove the `:ro` from the doc as it has no effect. It implies security that does not exist.
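As an added illustration (not from the dozzle README or from anyone in this thread), here is the README mount with the ineffective `:ro` dropped, beside a compose layout that puts a filtering socket proxy between dozzle and the daemon so that only the read endpoints dozzle needs are reachable and every POST is refused. The proxy image `tecnativa/docker-socket-proxy`, its `CONTAINERS`/`EVENTS`/`PING`/`VERSION`/`POST` environment flags and its port 2375, and dozzle's `DOZZLE_REMOTE_HOST` variable are assumptions taken from those projects' own documentation as I recall it, not from this page; verify them against the current docs before relying on this file.

```yaml
# Added example, not the project's own compose file.
#
# --- What the README effectively gives you -----------------------------------
# ':ro' on a socket bind-mount only marks the mount read-only; the process
# can still connect to the socket and issue POST requests. Shown commented
# out for comparison only, so this file stays valid as written:
#
# services:
#   dozzle:
#     image: amir20/dozzle:latest
#     volumes:
#       - /var/run/docker.sock:/var/run/docker.sock   # ':ro' dropped: it changed nothing
#     ports:
#       - "8080:8080"
#
# --- Hardened layout: read-only by policy, not by mount flag -----------------
services:
  socket-proxy:
    # ASSUMPTION: image name and env flags per tecnativa/docker-socket-proxy docs.
    image: tecnativa/docker-socket-proxy
    environment:
      CONTAINERS: 1   # allow GET /containers/* (list, logs, stats)
      EVENTS: 1       # allow GET /events (start/stop notifications)
      PING: 1         # allow GET /_ping
      VERSION: 1      # allow GET /version
      POST: 0         # refuse every write endpoint (create, start, kill, exec, ...)
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock   # only the proxy touches the real socket
    networks:
      - socket        # internal network; port 2375 is never published to the host

  dozzle:
    image: amir20/dozzle:latest
    environment:
      # ASSUMPTION: dozzle reads DOZZLE_REMOTE_HOST for a tcp:// daemon address.
      DOZZLE_REMOTE_HOST: tcp://socket-proxy:2375
    depends_on:
      - socket-proxy
    networks:
      - default       # reachable from the host for the web UI
      - socket        # reachable to the proxy
    ports:
      - "8080:8080"
    # No docker.sock mount at all: a compromised dozzle container can only
    # reach the allow-listed GET endpoints through the proxy.

networks:
  socket:
    internal: true    # no route out of this network, so the proxy is not exposed
```

Whether the proxy is worth it is exactly the trade-off the comment above raises: it removes the daemon's write API from the dozzle container's reach, at the cost of one more image and pipeline to trust. A quick sanity check after bringing the stack up is to exec into the dozzle container and confirm `/var/run/docker.sock` does not exist there, since that absence, not a mount flag, is what makes the setup read-only.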

amir20 commented 3 months ago

That was never added by me. Someone else added read only which doesn't do anything.

Send a PR to remove it.

bluepuma77 commented 3 months ago

My first PR ever 🥳

https://github.com/amir20/dozzle/pull/3090