It is possible remotely if you have one of those docker images (e.g. all those CI/CD tools) that need to start further docker containers and therefore need access to the docker unix domain socket, which is mounted into the docker image with a regular volume mount. Once a docker image has access to this socket and thus control over the daemon, it can download and start arbitrary containers and pass them directories like /etc and /root as volumes.
I have not yet tested it, but since 20.10 Ubuntu also has a podman package, which is said to be more secure since podman doesn't have a daemon and can run in rootless mode where users can start their container, but the container is restricted to the user's permissions, i.e. there is no privilege escalation (at least they claim there is no).

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1923148

Title:
  docker.io opening root access when user is in docker group

--
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
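A defender-side audit of the mechanism the comment describes, added here as an example (it is not code from the bug report, Ubuntu or Docker): it reads `docker inspect` JSON and flags containers whose bind mounts expose the Docker socket, /etc, /root or the whole host filesystem, since any of those hands the container effective root on the host. The sample inspect output below is constructed; the sensitive-path list is an assumption a site would extend.

```python
import json
import sys

# Host paths that give a container control of the host when bind-mounted:
# the daemon socket (control over the daemon) and the directories named in
# the bug comment. Assumed starting list; extend per site.
SENSITIVE_HOST_PATHS = ("/var/run/docker.sock", "/run/docker.sock", "/etc", "/root")


def is_sensitive(host_path: str) -> bool:
    """True if host_path is a sensitive path, lies below one, or is an
    ancestor directory that contains one (e.g. /var/run holds the socket)."""
    p = host_path.rstrip("/") or "/"
    if p == "/":  # the whole host filesystem
        return True
    for s in SENSITIVE_HOST_PATHS:
        if p == s or p.startswith(s + "/") or s.startswith(p + "/"):
            return True
    return False


def audit_containers(inspect_json: str) -> list:
    """Take the JSON array printed by `docker inspect` and return one finding
    per bind mount whose host source is sensitive. Named volumes are skipped."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "").lstrip("/")
        for mount in container.get("Mounts", []):
            source = mount.get("Source", "")
            if mount.get("Type") == "bind" and is_sensitive(source):
                findings.append({"container": name, "source": source,
                                 "destination": mount.get("Destination"),
                                 "rw": mount.get("RW", True)})
    return findings


# Constructed sample of `docker inspect` output: a CI runner with the socket
# mounted, a harmless web container, and a container given the host's /etc.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/ci-runner", "Mounts": [
        {"Type": "bind", "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock", "RW": True},
        {"Type": "volume", "Name": "cache", "Source": "/var/lib/docker/volumes/cache/_data", "Destination": "/cache", "RW": True}]},
    {"Name": "/web", "Mounts": [
        {"Type": "bind", "Source": "/srv/www", "Destination": "/usr/share/nginx/html", "RW": False}]},
    {"Name": "/backup", "Mounts": [
        {"Type": "bind", "Source": "/etc", "Destination": "/host-etc", "RW": True}]},
])

if __name__ == "__main__":
    # Real use: docker inspect $(docker ps -q) | python3 audit.py
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_INSPECT
    for f in audit_containers(data):
        print(f"{f['container']}: {f['source']} -> {f['destination']} (rw={f['rw']})")
```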
