traefik / whoami

Tiny Go server that prints os information and HTTP request to output
https://traefik.io
Apache License 2.0

Last user should not be root #46

Closed 030 closed 3 years ago

030 commented 3 years ago

This could be mitigated by creating a traefik-whoami user in the build stage and subsequently copying it to the last stage, e.g.: https://github.com/030/bcbsn/blob/master/Dockerfile

ldez commented 3 years ago

https://github.com/traefik/whoami/blob/master/Dockerfile

The root requirement is not related to the build stage.

030 commented 2 years ago

```dockerfile
# Create a minimal container to run a Golang static binary
FROM scratch

COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /go/whoami/whoami .

ENTRYPOINT ["/whoami"]
EXPOSE 80
```

I do not see any USER entry here, so the user is root in the traefik/whoami container.
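
The mitigation proposed in this issue, written out as an added example; it is not the project's Dockerfile and not code from either participant. The builder stage, the UID 10001 and the move to port 8080 (so the unprivileged process does not have to bind a port below 1024) are assumptions made for illustration.

```dockerfile
# Builder stage (constructed for this example): compile the static binary
# and create the unprivileged account that the final stage will run as.
FROM golang:1-alpine AS builder

RUN apk --no-cache add ca-certificates tzdata

# -D: no password, -H: no home directory; UID 10001 is an arbitrary choice.
RUN adduser -D -H -u 10001 -s /sbin/nologin traefik-whoami

WORKDIR /go/whoami
COPY . .
RUN CGO_ENABLED=0 go build -o whoami .

# Create a minimal container to run a Golang static binary
FROM scratch

COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
# scratch has no user database; copy it so the account name resolves.
COPY --from=builder /etc/passwd /etc/passwd
COPY --from=builder /etc/group /etc/group
COPY --from=builder /go/whoami/whoami .

# Without this line the process runs as UID 0.
USER traefik-whoami:traefik-whoami

# Listen on an unprivileged port instead of the default 80.
ENTRYPOINT ["/whoami", "--port", "8080"]
EXPOSE 8080
```

To check the result, `docker inspect --format '{{.Config.User}}' <image>` prints the configured account for an image built this way and an empty string for an image with no USER entry.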