Root In Container

Switching to the root user introduces specific security risks if an attacker gains access to the container. To address this, revert to a non-privileged user after executing the necessary commands as root.

Remediation

Switch back to low privilege user after running commands as 'root'.

Metadata

Severity: high
Slug: root-in-container

CWEs

269: Improper Privilege Management

OWASP

A04:2021: Insecure Design

Available Labs

Open Container labs in SecDim Play for this vulnerability.

easy

RootContainer.df

Other Easy Container Signature

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.