Running as root weakens container isolation #210

Open
rbtcollins opened this issue Jun 8, 2017 · 1 comment
@rbtcollins

The dd agent build runs as root rather than a dedicated user. Running as root in a container grants root access to anything mapped into the container (e.g. the docker socket and system calls).

While it's arguably a low risk, the dd agent is indirectly attackable (e.g. via log grepping parsers etc.) - and so we'd prefer to be running it as a dedicated non-root user with just the minimum privileges needed.
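An added example, not part of the original post or the project's code: a small audit over `docker inspect` output that lists which containers run as uid 0 and what host paths (including the docker socket) that root process can reach. The container names and the sample JSON are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `docker inspect` output (not from the issue).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/agent-root",
   "Config": {"User": ""},
   "HostConfig": {"Privileged": false},
   "Mounts": [
     {"Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock", "RW": true},
     {"Source": "/proc", "Destination": "/host/proc", "RW": false}]},
  {"Name": "/agent-nonroot",
   "Config": {"User": "1000:1000"},
   "HostConfig": {"Privileged": false},
   "Mounts": [
     {"Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock", "RW": true}]},
  {"Name": "/web", "Config": {"User": "0"}, "HostConfig": {"Privileged": false}, "Mounts": []}
]
""")

def runs_as_root(user):
    """Config.User is empty when no USER is set, which means uid 0."""
    uid = user.split(":", 1)[0].strip()
    return uid in ("", "0", "root")

def audit(containers):
    """Return {container name: [findings]} for containers that run as root."""
    report = {}
    for c in containers:
        if not runs_as_root(c.get("Config", {}).get("User", "")):
            continue  # this audit only covers the root case raised in the issue
        findings = ["process runs as uid 0"]
        if c.get("HostConfig", {}).get("Privileged"):
            findings.append("privileged mode")
        for m in c.get("Mounts") or []:
            mode = "rw" if m.get("RW") else "ro"
            findings.append(f"host path {m['Source']} mounted {mode} at {m['Destination']}")
            if m["Source"].endswith("docker.sock"):
                findings.append("docker socket reachable as root")
        report[c["Name"].lstrip("/")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "->", "; ".join(findings))
```

To run it against a live host, pass the parsed output of `docker inspect $(docker ps -q)` to `audit()` instead of the sample.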

@xvello xvello added this to the Triage milestone Jul 25, 2017
@xvello xvello self-assigned this Jul 25, 2017
@xvello
Contributor

xvello commented Jul 25, 2017

Hi @rbtcollins,

We have identified this in our backlog, but this might break compatibility for several deployment special cases, which is why we decided not to go with it for agent 5.
As we are hard at work on the next major version of the agent, running unprivileged is in the roadmap for agent 6.

Regards

@xvello xvello removed their assignment Jul 8, 2022