Docker-alpine: Unprivileged user can gain root privileges

Created on 18 Aug 2015 · 6 Comments · Source: gliderlabs/docker-alpine

I'm not sure how the wheel group is treated in docker-alpine, but why does it exist if one can gain root privileges without being a member of it?

# docker run -i -t --name="test" alpine /bin/sh
/ # adduser -S testuser
/ # groups testuser
nogroup
# docker start test
# docker exec -it --user=testuser test /bin/sh
/ $ whoami
testuser
/ $ su
/ # whoami
root
/ # groups testuser
nogroup
/ # groups root
root bin daemon sys adm disk wheel floppy dialout tape video
/ # 

In ubuntu-docker this does not work.

All 6 comments

That just means root has an empty password; the wheel group only matters for the sudo command.

Correct. This is the difference from the CentOS and Ubuntu containers, where the root password is disabled by default.

Solution is here: https://github.com/gliderlabs/docker-alpine/issues/56
Just remove the root account completely when you use Alpine, it isn't needed anyway.

Why don't we remove the root passwd by default in Alpine?
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782

@zakkg3 Just delete the root user or use another image. Don't expect gliderlabs to fix this considering how often this bug was re-introduced...
There are at least 3 issues about this bug. I wouldn't trust this image at all.

I think it's unfair to blame gliderlabs for this one. It was my mistake.
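
A check for the condition identified in the comments above (root with an empty password field in the shadow file), as an added example that is not part of the original thread or the gliderlabs project. The function names and the sample shadow lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report accounts whose password field in a shadow-format file
# is empty. An empty second field means no password is required, which is why
# `su` succeeded for testuser in the transcript above.

# Constructed sample: root has an empty field, daemon is locked ("!"),
# testuser carries a placeholder hash.
write_sample_shadow() {
    cat > "$1" <<'EOF'
root:::0:::::
daemon:!::0:::::
testuser:$6$constructedsalt$constructedhash:16665:0:99999:7:::
EOF
}

# empty_password_accounts FILE
# Prints one account name per line for every entry with an empty password field.
empty_password_accounts() {
    awk -F: '
        /^#/ { next }                      # skip comment lines
        NF >= 2 && $2 == "" { print $1 }   # field 2 is the password hash
    ' "$1"
}

# audit_shadow [FILE]
# Returns 0 if no account has an empty password field, 1 if any does,
# 2 if the file cannot be read (reading /etc/shadow normally needs root).
audit_shadow() {
    file=${1:-/etc/shadow}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    found=$(empty_password_accounts "$file")
    if [ -n "$found" ]; then
        echo "accounts with an empty password field in $file:" >&2
        echo "$found" >&2
        return 1
    fi
    return 0
}

# Demo on the constructed sample; a real check would pass the image's /etc/shadow.
tmp=$(mktemp) && write_sample_shadow "$tmp"
audit_shadow "$tmp" || echo "audit flagged the sample, as expected"
rm -f "$tmp"
```

Run as a build or CI step against the image's `/etc/shadow`, a non-zero exit fails the build. A locked account shows `!` or `*` in the second field instead of an empty string, which is what `passwd -l root` produces.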
