Open negue opened 9 years ago
I'm trying to run this container with the "best practices" of https://github.com/docker/docker-bench-security, and this script shows me that docker-wordpress-nginx is running as root.
So if someone could hijack the wordpress, they would also get root and hijack everything else :D
Anyway, do you know how to run this as a normal user instead of root?
I recommend using this only for testing purposes. I've put a webshell on the wordpress website (simulating an attack via an outdated wordpress plugin) and I got full access to the core-os/docker machine: