trailofbits.generic.container-user-root.container-user-root
trailofbits
Author: unknown
Found container command running as root
Definition

rules:
  - id: container-user-root
    message: Found container command running as root
    languages:
      - generic
    severity: WARNING
    metadata:
      category: security
      subcategory:
        - audit
      technology:
        - shell
      cwe: "CWE-250: Execution with Unnecessary Privileges"
      confidence: MEDIUM
      likelihood: MEDIUM
      impact: HIGH
      references:
        - https://docs.docker.com/engine/reference/commandline/run/
      license: AGPL-3.0 license
      vulnerability_class:
        - Improper Authorization
    pattern-either:
      - pattern: docker ... -u root
      - pattern: docker ... -u 0
      - pattern: docker ... --user root
      - pattern: docker ... --user 0
      - pattern: podman ... -u root
      - pattern: podman ... -u 0   # corrected from "--u 0", which is not a podman flag
      - pattern: podman ... --user root
      - pattern: podman ... --user 0
Examples

container-user-root.sh

#!/bin/bash
# ruleid: container-user-root
docker run -u root hello-world
# ruleid: container-user-root
podman run --user root hello-world
# ok: container-user-root
docker run hello-world
# ok: container-user-root
podman run hello-world
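As an added example that is not part of the rule above or of Trail of Bits' code: a POSIX shell script that approximates the rule's eight patterns with a single extended regex, so a script can be checked for root-user container invocations where Semgrep is not installed (a pre-commit hook, for instance). It runs over a constructed sample script that also shows the remediated form, an explicit unprivileged `--user UID:GID`. The regex, the function names and the sample lines are assumptions of this example, not values from the page.

```bash
#!/bin/sh
# Added example, not part of the Semgrep rule or of Trail of Bits' code.
# Approximates the rule's eight patterns with one extended regex so a
# script can be checked where Semgrep is not available. The regex,
# function names and sample input below are assumptions of this example.

# docker/podman ... followed by -u or --user and a bare "root" or "0".
# This regex only matches single-line invocations; it does not flag
# "0:0", "--user=0" or a flag placed after a backslash line continuation.
ROOT_USER_RE='(^|[[:space:]])(docker|podman)[[:space:]].*(-u|--user)[[:space:]]+(root|0)([[:space:]]|$)'

# Print "line:content" for every offending line in the script at $1.
# Exit status 0 when there is at least one finding, 1 otherwise (grep semantics).
find_root_container_cmds() {
    grep -nE "$ROOT_USER_RE" "$1"
}

# Number of offending lines in the script at $1; always exits 0.
count_root_container_cmds() {
    grep -cE "$ROOT_USER_RE" "$1" || true
}

# Constructed sample script: four root invocations, one remediated
# invocation with an explicit unprivileged uid:gid, and one with no user flag.
SAMPLE="$(mktemp)"
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
#!/bin/bash
docker run -u root hello-world
docker run --rm --user 0 alpine id
podman run --user root hello-world
podman run -u 0 hello-world
# remediated: run as a fixed unprivileged user instead of root
docker run --rm --user 1000:1000 alpine id
docker run hello-world
EOF

if find_root_container_cmds "$SAMPLE"; then
    echo "found $(count_root_container_cmds "$SAMPLE") container command(s) running as root"
fi
```

The grep approximation is deliberately narrower than Semgrep's generic mode: the rule's `...` spans tokens across whitespace and line breaks, whereas this regex stops at the end of a line, so a `-u root` that follows a backslash continuation is missed. Treat it as a lightweight pre-commit gate and keep the Semgrep rule as the authoritative check in CI.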
Short Link: https://sg.run/lBKyB