Docker image running as unknown user ID can delete root files

0 votes
Asked by user: (160 points)

Is this correct? A random user ID can delete a file owned by root?

    docker run -ti -u 1001 debian:stretch
    I have no name!@2af53be18a40:/$ rm -f /etc/passwd
    I have no name!@2af53be18a40:/$ ls /etc/passwd
    ls: cannot access '/etc/passwd': No such file or directory

I think this used to work (i.e. permission denied), although I haven't tried that exact sequence of commands in the past. The results above are from Docker version 1.12.2, build bb80604 running on Stretch.

Posted by user: (320 points)
Oddly, I can't replicate this behavior myself; running the same set of commands locally results in rm: cannot remove '/etc/passwd': Permission denied.
Posted by user: (160 points)
May depend on Docker version; I've updated the question.
Posted by user: (4.1k points)
This is off-topic here I'm afraid, but deleting a file modifies the directory, not the file, so whether you can delete it depends on ownership and access rights of the directory that contains the file, and not the file itself.
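
The rule stated in the comment above (deletion is governed by the containing directory, not the file), written out as a check you can run inside an image. This is an added example, not part of the original thread; the helper names `class_bits`, `can_unlink` and `describe` are hypothetical, and the check assumes classic mode bits only (no ACLs, no extra capabilities, a writable mount).

```python
import os
import stat


def class_bits(st, uid, gids):
    """rwx triplet that applies to uid: owner first, then group, then other."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 0o7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 0o7
    return st.st_mode & 0o7


def can_unlink(path, uid, gids=()):
    """Do the classic mode bits let `uid` remove the directory entry `path`?

    Assumptions: no ACLs, no extra capabilities, writable mount; uid 0 is
    treated as always allowed.
    """
    if uid == 0:
        return True
    parent = os.path.dirname(os.path.abspath(path))
    dir_st = os.stat(parent)
    # Unlinking edits the parent directory: needs write (2) + search (1) on it.
    if (class_bits(dir_st, uid, set(gids)) & 0o3) != 0o3:
        return False
    # Sticky directory (e.g. /tmp): only the file's or directory's owner may unlink.
    if dir_st.st_mode & stat.S_ISVTX:
        return uid in (os.lstat(path).st_uid, dir_st.st_uid)
    return True


def describe(path, uid, gids=()):
    """One-line report showing that the file's own mode plays no part."""
    parent = os.path.dirname(os.path.abspath(path))
    verdict = "CAN" if can_unlink(path, uid, gids) else "cannot"
    return "uid %d %s delete %s (dir mode %o, file mode %o)" % (
        uid, verdict, path,
        stat.S_IMODE(os.stat(parent).st_mode),
        stat.S_IMODE(os.lstat(path).st_mode))


if __name__ == "__main__":
    # uid 1001 matches the `-u 1001` in the question; run inside the image.
    print(describe("/etc/passwd", 1001))
```

If this reports that an unprivileged uid can delete a file under a system directory, inspect that directory's mode and ownership rather than the file's.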


0 votes
Answered by user: (160 points)

Happy to report that this is fixed in Docker 1.23!
