Potential Security Vulnerability with Docker User Privileges

[singhragvendra503]

I've encountered what seems to be a potential security vulnerability in Docker. I'm unsure if this behavior is intended or if it qualifies as a bug.

I'm working on creating a standard user without sudo permissions and adding them to the Docker group. However, even though this user lacks sudo privileges, I've noticed that I can run an Ubuntu container and mount /etc/sudoers. Surprisingly, I'm able to edit this file within the container and grant superuser privileges to the previously restricted user.

This raises concerns about the integrity of user privileges within Docker containers and their potential exploitation. I'd appreciate any insights or guidance on whether this behavior is expected or if it poses a security risk.

Thank you for your attention to this matter.

docker run -it --rm   -v /etc/sudoers:/etc/sudoers ubuntu:22.04 /bin/bash

https://medium.com/@singhragvendra503/secret-ubuntu-shortcut-bypass-root-elevate-privileges-like-a-pro-87759b778918

[nicks]

Thanks for the report! Yes, as the following docs explain, the docker group grants root-level privileges to the user.

https://docs.docker.com/engine/install/linux-postinstall/#manage-docker-as-a-non-root-user
https://docs.docker.com/engine/security/#docker-daemon-attack-surface