Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#42170 - [docker] Unintended/unexpected privilege escalation to root privilege
Attached to Project:
Community Packages
Opened by Quentin (kashkash) - Monday, 29 September 2014, 06:52 GMT
Last edited by Sébastien Luttringer (seblu) - Tuesday, 30 September 2014, 17:59 GMT
Opened by Quentin (kashkash) - Monday, 29 September 2014, 06:52 GMT
Last edited by Sébastien Luttringer (seblu) - Tuesday, 30 September 2014, 17:59 GMT
|
DetailsDescription:
Unintended/unexpected privilege escalation to root privilege from the docker package. Additional information: Docker version: Client version: 1.2.0 Client API version: 1.14 Go version (client): go1.3.1 Git commit (client): fa7b24f OS/Arch (client): linux/amd64 Server version: 1.2.0 Server API version: 1.14 Go version (server): go1.3.1 Git commit (server): fa7b24f OS: Linux 3.16.3-1-ARCH #1 SMP PREEMPT Wed Sep 17 21:54:13 CEST 2014 x86_64 GNU/Linux Steps to reproduce: 1) Folow the installation process https://wiki.archlinux.org/index.php/Docker#Installation 2) Folow the configuration process https://wiki.archlinux.org/index.php/Docker#Configuration 3) Logout and logon the user member of docker 4) docker pull image debian:latest 5) issue: docker run -t -i -v /:/host-root /bin/bash 6) You are root on your host FS without any sudo, just because you are member of docker 7) Modify /etc/passwd and /etc/shadow to set a root account Patch or warning: - Do not allow docker to be issued without sudo - Warn the users in the Wiki page that members of "docker" must be more than trusted and can get root access on the host machine |
This task depends upon
Closed by Sébastien Luttringer (seblu)
Tuesday, 30 September 2014, 17:59 GMT
Reason for closing: Not a bug
Tuesday, 30 September 2014, 17:59 GMT
Reason for closing: Not a bug
Read this for more information: http://docs.docker.com/articles/security/