Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SEC: Programs should run without filesystem write privileges #1410

Open
westurner opened this issue Dec 19, 2017 · 2 comments
Open

SEC: Programs should run without filesystem write privileges #1410

westurner opened this issue Dec 19, 2017 · 2 comments
Labels
docker

Comments

@westurner
Copy link
Contributor

westurner commented Dec 19, 2017
edited
Loading

Note: for support questions, please use the cookiecutter-django tag on stackoverflow. This repository's issues are reserved for feature requests and bug reports. If you need quick professional paid support for your project, contact [email protected].

  • I'm submitting a ...

    • bug report

  • Do you want to request a feature or report a bug?

I think this is a security vulnerability?

  • What is the current behavior?

Apps run as django or root in the docker containers. With these users, they have write permissions with which they could overwrite themselves, use raw sockets, etc.

  • If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem

docker-compose -f local.yml up

  • What is the expected behavior?

I think there should be a third user account (root, django (rw), 'app' (r)) with the least permissions necessary to run.

  • What is the motivation / use case for changing the behavior?

https://en.wikipedia.org/wiki/Principle_of_least_privilege

This is a really common error with Docker containers.
Just because it's in a container doesn't mean that just running as root is okay.

  • Please tell us about your environment:

https://pkgs.org/download/container-selinux

  • Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. stackoverflow, gitter, etc)

Would adding a third user to a group with read permissions be sufficient?
It may require a bit of explanation for users that want to write to the filesystem:
they should be explicitly granting those privileges
because secure by default.
@westurner
Copy link
Contributor Author

westurner commented Dec 19, 2017
edited
Loading

See: #1304 "docker/celery exits because celery is run as root"

@jayfk
Copy link
Collaborator

jayfk commented Mar 20, 2018

First of all, just to make this clear for people stumbling upon this issue: This is about the development environment only. The production environment runs as non-root.

The main problem here is that this leads to a horrible development experience if implemented securely.

On questions like this, we really have to take a look at both sides: What's the exact threat and what do we loose if we do this in the most secure way possible.

I tend to think that in this case development comfort beats the need to make this as secure as possible. Don't forget that, even if you manage to gain shell access to the running root container, you still have to break out of it.

I'm happy to discuss this tough.

@demestav demestav mentioned this issue Oct 23, 2019
Open
@browniebroke browniebroke mentioned this issue Jul 27, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
docker
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@westurner @browniebroke @jayfk