aligned_layer icon indicating copy to clipboard operation
aligned_layer copied to clipboard
Published 1 month ago verified publisher icon yetanotherco

fix(docker): Docker files have excessive privileges

Open PatStiles opened this issue 1 year ago • 0 comments

Overview:

The Docker files don't use the USER directive to specify the user that the image should run as. By default, Docker runs the image as the root user. This can lead to privilege escalation attacks.

Mitigation:

Use the USER directive to specify the user that the image should run as.

For example with the explorer/Dockerfile

# https://hub.docker.com/_/postgres
FROM postgres:16.3

# Environment variables
ENV POSTGRES_USER=explorer_user
ENV POSTGRES_PASSWORD=explorer_pass
ENV POSTGRES_DB=explorer_db

# Expose the default PostgreSQL port
EXPOSE 5432

# ? The postgres image runs as the postgres user by default https://hub.docker.com/layers/library/postgres/16.3/images/sha256-10a028bdde46f9ac6786a8609b16672a7d0d141d6cbe776f7fbad5e82f4fca3a?context=explore
USER postgres

PatStiles avatar Sep 19 '24 15:09 PatStiles