Docker is one of the most used containerization platforms and is highly loved among software engineers. It comes with a powerful CLI tool for managing Docker containers and other related tasks.
By default, you need root privileges to run any Docker-related commands on Linux. Of course, you can change this for convenience and run Docker commands without root privileges, but you should be aware of the security implications.
What Is the Docker Attack Surface?
An attack surface is the number of attack points, more like the number of windows, that a malicious user can use to gain entry into your system and cause havoc. As a rule of thumb, IT systems should have minimal attack surfaces to reduce security risks.
In general, Docker’s attack surface is very minimal. Containers run in a secure isolated environment and do not affect the host operating system unless otherwise. In addition, Docker containers only run minimal services which makes it more secure.
You can configure your Linux system to control Docker without sudo privileges. This can be convenient in development environments but can be a serious security vulnerability in production systems. And here’s why you should never run Docker without sudo.
1. Ability to Control Docker Containers
Without the sudo privileges, anyone that has access to your system or server can control every aspect of Docker. They have access to your Docker log files and can stop and delete containers at will, or accidentally. You could also lose critical data which is vital for business continuity.
If you are using Docker containers in production environments, downtime results in a loss of business and trust.
2. Gain Control of the Host OS Directories
Docker Volumes is a powerful service that allows you to share and persist container data by writing it to a specified folder on the host OS.
One of the biggest threats that running Docker without sudo presents is that anyone on your system can gain control of the host OS’s directories, including the root directory.
All you have to do is run a Linux Docker image, for example, the Ubuntu image, and mount it on the root folder using the following command:
docker run -ti -v /:/hostproot ubuntu bash
And since Linux Docker containers run as the root user, it essentially means that you have access to the entire root folder.
The aforementioned command will download and run the latest Ubuntu image and mount it on the root directory.
On the Docker container terminal, go to the /hostproot directory using the cd command:
Listing the contents of this directory using the ls command shows all files of the host OS which are now available in your container. Now, you can manipulate files, view secret files, hide and un-hide files, change permissions, etc.
3. Install Malicious Software
A well-crafted Docker image can run in the background and manipulate your system or gather sensitive data. Worse still, a malicious user could spread malicious code on your network via Docker containers.
There are several practical use cases of Docker containers, and with each application comes a different set of security threats.
Secure Your Docker Containers on Linux
Docker is a powerful and secure platform. Running Docker without sudo increases your attack surface and makes your system vulnerable. In production environments, it is highly recommended that you should use sudo with Docker.
With so many users on a system, it becomes extremely hard to assign permissions to each user. In such cases, following the best access control practices can help you maintain the security of your system.
Read the full article here