by
foldr
2012 days ago
But non-root users within the container can also access mounted volumes, no? Is there some kind of exploit that only works if running as root?
lights0123
2012 days ago
You can setuid root in a volume mounted in host. If that's executed at all by any user, bam you have root on the host.
If it's never executed, I don't know what vulnerabilities they were talking about.
foldr
2012 days ago
Right, but it seems that wouldn't require the app within the Docker container to be running as root to work?
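A host-side check for the setuid-in-a-volume scenario discussed in this thread, added here as an example and not written by any of the commenters: it lists setuid/setgid files under a volume directory and reports whether the backing mount carries `nosuid`, in which case the kernel ignores those bits on exec. The function names and `SAMPLE_MOUNTS` are hypothetical and constructed for illustration; on a real host, pass the contents of `/proc/mounts`.

```python
import os
import stat

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /srv/volumes ext4 rw,nosuid,nodev,relatime 0 0
/dev/sdc1 /srv/volumes/legacy ext4 rw,relatime 0 0
"""

def mount_options(path, mounts_text):
    """Return the option set of the longest mount point that contains path."""
    path = os.path.normpath(path)
    best, opts = "", set()
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mnt = fields[1].replace("\\040", " ")  # /proc/mounts escapes spaces
        inside = mnt == "/" or path == mnt or path.startswith(mnt + "/")
        # >= so that a later mount on the same path shadows an earlier one
        if inside and len(mnt) >= len(best):
            best, opts = mnt, set(fields[3].split(","))
    return opts

def find_setid_files(root):
    """Walk root without following symlinks; list regular setuid/setgid files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)
            except OSError:
                continue  # file vanished or is unreadable
            setid = st.st_mode & (stat.S_ISUID | stat.S_ISGID)
            if stat.S_ISREG(st.st_mode) and setid:
                hits.append((full, stat.filemode(st.st_mode), st.st_uid))
    return hits

def audit_volume(root, mounts_text):
    """Report set-id files and whether the backing mount would honor them."""
    honored = "nosuid" not in mount_options(root, mounts_text)
    return {"suid_honored": honored, "setid_files": find_setid_files(root)}
```

An entry whose owner uid is 0 on a mount where `suid_honored` is true is the case lights0123 describes.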