subuser icon indicating copy to clipboard operation
subuser copied to clipboard

Published 20 hours ago verified publisher icon subuser-security

subuser should not promt for user password

Open m1ch opened this issue 7 years ago • 3 comments

Hi,

from security perspective a program should never ask for you user password. Please integrate a check, that ends subuser if run with insufficient privileges. It is not even necessary to run docker with sudo anymore as you can add yourself to the docker group.

m1ch avatar Nov 08 '17 20:11 m1ch

If you don't wish to enter your password every time you can put yourself in the docker group, but if you are administering a system that other people use, you do NOT want to put them into the docker group because that is effectively putting them into wheel or adm or sudo because running a container can give them root equivalent permissions.

This is precisely why Docker themselves in their documentation offer the option of running sudo docker run somecontainer or putting yourself in the docker group to avoid the password prompt from sudo. If you are running subuser in a manner that requires root privileges and aren't in the Docker group, then the system REQUIRES you to follow the established norms of requiring the user to enter their password to ensure they are authorized to execute the command (not necessarily as root, just as a user that can perform whatever operation is required), and is often required to change certain files that can't be accessed by normal users like /etc/hosts or other system wide configs.

dragon788 avatar Jul 02 '20 22:07 dragon788

You wrote it yourself:

This is precisely why Docker themselves in their documentation offer the option of running sudo docker run somecontainer

Docker, and better Linux, is offering to raise privileges via the sudo command. I don't know if it is still the case, but in 2017 subuser was actively asking for the users' password to do a sudo internally. IMHO this should never be done by a user space program. Instead, add a check if the program was started with sufficient privileges. (e.g: check if started via sudo subuser, or if user is in docker group).

m1ch avatar Jul 04 '20 08:07 m1ch

why is it wrong to run sudo internally? The only difference is saving the user the trouble of typing sudo. Subuser was never processing the password as a string or accepting the keystrokes itself

timthelion avatar Jul 04 '20 09:07 timthelion