Package: docker.io
Version: 0.11.1~dfsg1-1
Severity: normal

Docker, at least as currently available in Debian, seems not to
provide any form of user id isolation between containers and the host
system.

For example, if I install apache inside a docker container, and also
install it in the host system, then they will both run as www-data, uid
33. If the apache on the host system is compromised, it can then attack
the apache process running inside the docker container, which has the
same uid. As a simple example, it can kill the process.

<puts palm on temple> I am receiving a message from the docker.io
maintainers. They say, "don't do that then!" <raps table>

Well, I did that because this didn't seem to be documented anywhere.
The docs just say that docker provides a container with isolation.

Documenting in README.Debian that the host system should be kept
minimal, like a Xen dom0 tends to be kept minimal, might help avoid this
kind of mistake. Probably worth mentioning that if you have a regular
uid 1000 user in the host system, they can mess with any containers that
themselves have a regular uid 1000 user.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.10-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages docker.io depends on:
ii  adduser              3.113+nmu3
ii  init-system-helpers  1.18
ii  iptables             1.4.21-2
ii  libapparmor1         2.8.0-5+b1
ii  libc6                2.18-7
ii  libdevmapper1.02.1   2:1.02.85-1
ii  libsqlite3-0         3.8.4.3-3
ii  perl                 5.18.2-4

Versions of packages docker.io recommends:
ii  aufs-tools       1:3.2+20130722-1.1
ii  ca-certificates  20140325
ii  cgroupfs-mount   1.0
ii  git              1:2.0.0~rc4-1
ii  xz-utils         5.1.1alpha+20120614-2

Versions of packages docker.io suggests:
pn  btrfs-tools  <none>
ii  debootstrap  1.0.60
pn  lxc          <none>
pn  rinse        <none>

-- no debconf information

-- 
see shy jo

Attachment: signature.asc
Description: Digital signature

Reply via email to