ekho / docker-utorrent

Docker image to run the utorrent server
MIT License

ekho/docker-utorrent:latest has malicious code #25

Open rayban099 opened 1 year ago

rayban099 commented 1 year ago

I recently pulled the latest version of all docker containers on my installation and utorrent quit working. It failed because it didn't have access to /etc/sudoers directory. Like an idiot, and because I was in a hurry, I just mapped it so I could take a look at the problem later. Now is later. Malicious code has been added to the :latest image. :ubuntu-20.04 doesn't appear to be affected. I don't have the time to figure out what code was added, but I got the below message from my router.

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY curl User-Agent Outbound"; flow:established,to_server; http.user_agent; content:"curl/"; nocase; startswith; reference:url,www.useragentstring.com/pages/useragentstring.php; classtype:attempted-recon; sid:2013028; rev:7; metadata:created_at 2011_06_14, updated_at 2022_05_03;)

Be careful.

nh-mike commented 1 year ago

That's not malicious code, you've made a mistake in your config. You should NEVER map your sudoers file to a container. Or any host configuration for that matter. None of it is relevant to the container and it can and probably will break your host system.

The container has a list of its own users which is separate from that of the host. The sudoers file in the container has no connection to the sudoers file of the host. It was meant to modify the sudoers from the container, not from the host. The problem is more likely than not that it does not have the permissions (chmod) required to read or (more likely) write to the sudoers file.
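
An added illustration of the point made in the reply above (not code from this repository or from either commenter): a small audit that reads `docker inspect` output and flags bind mounts exposing sensitive host files such as /etc/sudoers. The list of sensitive paths and the sample JSON are assumptions constructed for this example.

```python
import json
import posixpath

# Host paths a container should not receive via bind mount.
# Assumption of this example: an illustrative list, extend it for your hosts.
SENSITIVE = ("/etc/sudoers", "/etc/sudoers.d", "/etc/passwd", "/etc/shadow",
             "/root/.ssh", "/var/run/docker.sock", "/run/docker.sock")

def is_within(path, parent):
    """True if `path` is `parent` itself or lies underneath it."""
    return path == parent or path.startswith(parent.rstrip("/") + "/")

def audit(inspect_json):
    """Return (container, host_path, container_path, mode, exposed) per risky bind mount."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "").lstrip("/")
        for mount in container.get("Mounts", []):
            if mount.get("Type") != "bind":
                continue  # only bind mounts map arbitrary host paths
            src = posixpath.normpath(mount.get("Source", ""))
            # Flag the exact path, anything inside it, and any parent that contains it.
            exposed = [s for s in SENSITIVE if is_within(src, s) or is_within(s, src)]
            if exposed:
                mode = "rw" if mount.get("RW") else "ro"
                findings.append((name, src, mount.get("Destination"), mode, exposed))
    return findings

# Constructed sample in the shape printed by `docker inspect <container>...`.
SAMPLE = json.dumps([
    {"Name": "/utorrent", "Mounts": [
        {"Type": "bind", "Source": "/srv/torrents", "Destination": "/data", "RW": True},
        {"Type": "bind", "Source": "/etc/sudoers", "Destination": "/etc/sudoers", "RW": True}]},
    {"Name": "/web", "Mounts": [
        {"Type": "volume", "Source": "/var/lib/docker/volumes/web/_data",
         "Destination": "/var/www", "RW": True},
        {"Type": "bind", "Source": "/etc/localtime", "Destination": "/etc/localtime", "RW": False}]},
    {"Name": "/backup", "Mounts": [
        {"Type": "bind", "Source": "/etc", "Destination": "/host-etc", "RW": False}]},
])

if __name__ == "__main__":
    for name, src, dst, mode, exposed in audit(SAMPLE):
        print(f"{name}: {src} -> {dst} ({mode}) exposes {', '.join(exposed)}")
```

On a real host, pass the output of `docker inspect $(docker ps -q)` to `audit()` in place of the sample.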