Excessive Privileges

Excessive Privileges - Docker

Description

The containers executed in the application do not properly restrict the privileges of the users, executing tasks with root user instead of a custom user.

Impact

Gain total control of the container.

Recommendation

- Restrict the privileges of the user that execute instructions inside the container. - Avoid the use of the root user as default user.

Threat

Authenticated attacker with local access to the container.

Expected Remediation Time

⏱️ 15 minutes.

Details

https://docs.docker.com/engine/reference/builder/#user

Requirements

095 - Define users with privileges 096 - Set user's required privileges 186 - Use the principle of least privilege

Fixes

Docker