Docker security - Not so perfect as it seems...

I'm really like docker. It solves the dependency problem in a really nice way, but it adds some ways to break linux security. I think a system is more secure without a docker running as root. But there are ways to control this vulnerabilities, and the great deploy mechanism would be used in production environments.

What is the point ?

Docker daemon run as root. The containers itself runs by docker daemon, so even if you run in a user in docker group, it run as root too. Don't believe me ? try it:

glaudiston:~$ docker run -ti -v /:/tmp ubuntu:14.04 touch /tmp/dockertest
glaudiston:~$ ls /dockertest -l
-rw-r--r-- 1 root root 0 Jun 27 08:50 /dockertest
glaudiston:~$ docker run -ti -v /:/tmp ubuntu:14.04 rm /tmp/dockertest
glaudiston:~$ ls /dockertest -l
ls: cannot access /dockertest: No such file or directory

And more, with docker you can set files to run with setuid permissions, those files can give you root premissions. Look at:

http://reventlov.com/advisories/using-the-docker-command-to-root-the-host

While this can be sufficient to worry too many security guys, there is ways to prevent this disaster.

If you want to prevent your docker user to get host root access, the first thing is to know, that DOCKER IS NOT A SECURITY SANDBOX.

I Did not recommend you to run a untrusted process as root inside a docker container.

If you want to give root to your docker user, you need to ensure that he will not have any way to send files to host, avoiding virtual shares ( -v ) with the hosts file system is main way. Of course this means that your docker user can not run "docker run" command, so you need to manage this.

Another tip: You can run docker on a chroot environment by a script that cleanup any files. But chroot environment isn't that secure. http://pentestmonkey.net/blog/chroot-breakout-perl

Because of it's security flaws docker options are coming to light: http://siliconangle.com/blog/2014/12/02/coreos-launches-container-wars-with-rival-tech-to-fight-docker/, https://coreos.com/blog/rocket/. I'm not so sure if it is more secure than docker because it runs as root anyway.

I'm afraid docker brings linux to great vulnerability. This is because for now, I can't see any really full secure way to run it. A.K.A. run containers without the root.

Maybe running it inside a vangrant or virtualbox vm, but it lost too many benefits from docker performance.

What I see is that doesn't matter, if the process run as root, the host are vulnerable.

There is a point, yes docker is vulnerable, but, if you do control how docker is started, how virtual shares as mapped and what docker user can do on host, you can increase security. Not perfect, but more than nothing.

The real question for me now is, the docker benefits is greater than docker flaws ? I'm sure for development and non critical applications, but I'm not so sure for real productions serious environments.

Comentários

Postar um comentário

Postagens mais visitadas