Highly dangerous system compromise when using info-docker script
kristianvld opened this issue · 1 comment
The info-docker script recommends setting the following in /etc/sudoers:
user ALL=(ALL) NOPASSWD: /usr/bin/docker
This is super super bad! Giving any user access to the docker command is equivalent to giving that user full root access to your whole system. And even worse, with the above setup you are giving full root access to all users on the entire system!
Most people following these tutorials are probably not aware of this when using docker and will just blindly add this to their system configs without thinking too much of it.
Recommended fix:
Make the docker-container.sh script only writable by root and give it the executable permission, something like chmod 500 docker-container.sh should be fine. Then add this to the /etc/sudoers file instead:
YOUR_USERNAME ALL=(ALL) NOPASSWD: /path/to/docker-container.sh
Then in the module, do something like:
[module/info-docker]
type = custom/script
exec = sudo /path/to/docker-container.sh
interval = 60
This way only the docker-container script can be executed by root, and since it is only writable by root, it should not be possible to further exploit this.
Thanks for that hint. I am with you. This is a bad idea.
On the other hand you always need your own brain when it comes to security on the system.
I think it would at least make sense to restrict the commands to the required args:
user ALL=(ALL) NOPASSWD: /usr/bin/docker ps -qf status=running
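The two suggestions in this thread (a root-owned, non-writable wrapper script as the only sudo target, and restricting the sudoers command to the exact docker arguments) can both be checked mechanically. The script below is an added example written for this issue; it is not code from the polybar-scripts project, and the wrapper path and the sudoers sample it audits are constructed placeholders. It writes a wrapper that ignores its arguments and runs only the fixed `docker ps -qf status=running` command, verifies that the wrapper is not writable by group or other, and scans sudoers text for NOPASSWD rules that hand out the bare docker binary (or docker with a wildcard argument).

```shell
#!/bin/sh
# Added example, not part of the polybar-scripts project.
# Helpers to (1) write a fixed-command wrapper suitable as a NOPASSWD sudo
# target, (2) check that such a wrapper is not group/other writable, and
# (3) audit sudoers text for rules granting an unrestricted docker binary.

# Constructed sudoers sample for demonstration (not from any real system).
SAMPLE_SUDOERS='# constructed example
user ALL=(ALL) NOPASSWD: /usr/bin/docker
alice ALL=(ALL) NOPASSWD: /usr/bin/docker ps -qf status=running
bob ALL=(ALL) NOPASSWD: /usr/local/bin/docker-container.sh
dave ALL=(ALL) NOPASSWD: /usr/bin/docker *
carol ALL=(ALL) ALL'

# write_wrapper PATH: create a wrapper that ignores caller arguments and runs
# exactly one docker command, then restrict it to owner read/execute (mode 500).
# In a real deployment the file must also be owned by root (chown root:root).
write_wrapper() {
    path=$1
    printf '%s\n' '#!/bin/sh' \
        '# Fixed command only; arguments passed by the caller are deliberately ignored.' \
        'exec /usr/bin/docker ps -qf status=running' > "$path"
    chmod 500 "$path"
}

# wrapper_mode_ok PATH: succeed only if neither group nor other has the write
# bit (columns 6 and 9 of the ls -l mode string, portable across GNU/BSD ls).
wrapper_mode_ok() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        ?????w????|????????w?) return 1 ;;
    esac
    return 0
}

# wrapper_owner PATH: print the owning user; for a sudo target this should be root.
wrapper_owner() {
    ls -ld "$1" | awk '{print $3}'
}

# risky_docker_rules: read sudoers text on stdin and print every NOPASSWD rule
# whose command is a bare docker binary or docker followed by a wildcard.
# Rules that pin the full argument list (e.g. "docker ps -qf status=running")
# and rules pointing at a wrapper script are not reported.
risky_docker_rules() {
    while IFS= read -r line; do
        case "$line" in
            '#'*|'') continue ;;
            *NOPASSWD:*) ;;
            *) continue ;;
        esac
        # Keep only the command specification after "NOPASSWD:" and trim it.
        cmd=${line#*NOPASSWD:}
        cmd=$(printf '%s' "$cmd" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
        case "$cmd" in
            docker|*/docker|docker\ *\**|*/docker\ *\**) printf '%s\n' "$line" ;;
        esac
    done
}

# count_risky_rules: number of lines reported by risky_docker_rules (stdin).
count_risky_rules() {
    risky_docker_rules | awk 'END { print NR }'
}

# Demonstration on the constructed sample: two rules are reported
# (the bare /usr/bin/docker and the wildcard "/usr/bin/docker *").
printf '%s\n' "$SAMPLE_SUDOERS" | risky_docker_rules
```

To audit a live system, feed it the real policy (`sudo cat /etc/sudoers /etc/sudoers.d/* | risky_docker_rules`) and run `wrapper_mode_ok` and `wrapper_owner` against the wrapper path named in the sudoers rule; a wrapper that is writable by its invoking user defeats the restriction, since that user could replace the fixed command.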