
Docker: the “Trojan horse” of modern IT? Reflections on security and hidden dependencies.

Updated: Aug 2, 2024

I feel like there is a tendency to take security for granted when using Docker.

Docker containers live inside an isolated environment, and that is true, but we forget the human factor.

The human factor, of course, adds to the security exposure, perhaps even by mistake.

In the end, something has to be configured right, and are those configurations done with prudence?

Some of my thoughts on these points:

  • Shared folders

  • OS configuration of the container and its dependencies.

  • Unofficial Docker images

Shared folders

The folders that Docker lets us share between the host and the container (and vice versa) are really convenient. However, from a security point of view they can be a disadvantage, because they widen the attack surface.

How the exposure grows, I describe as follows:

  • The host may be compromised by some other service.

  • Other services use these shared folders too, for example /tmp.

It is always prudent to give the shared folders the right permissions.
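One way to put the two points above into practice is to check which host folders a running container can actually write to. The script below is an added example for this post, not Docker's code and not the author's; it reads the JSON that `docker inspect` prints (a constructed sample is embedded so it runs offline) and flags bind mounts of host paths that other services depend on, such as /tmp or the Docker socket, with writable mounts ranked above read-only ones. The list of sensitive paths is an assumption for the example and should be adapted to the host.

```python
import json
import sys

# Constructed sample: the "Mounts" section of a `docker inspect` result for
# one hypothetical container (not taken from the article or a real host).
SAMPLE_INSPECT_JSON = """
[
  {
    "Name": "/web",
    "Mounts": [
      {"Type": "bind", "Source": "/tmp", "Destination": "/tmp", "Mode": "", "RW": true},
      {"Type": "bind", "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock", "Mode": "", "RW": true},
      {"Type": "bind", "Source": "/srv/web/static", "Destination": "/usr/share/nginx/html", "Mode": "ro", "RW": false},
      {"Type": "volume", "Name": "webdata", "Source": "/var/lib/docker/volumes/webdata/_data", "Destination": "/data", "RW": true}
    ]
  }
]
"""

# Host paths that other services (or the host itself) rely on. Sharing them
# writable with a container gives the container a way to affect those services.
# This list is an assumption for the example; adapt it to the host in question.
SENSITIVE_HOST_PATHS = ("/", "/etc", "/tmp", "/var/run/docker.sock", "/root", "/home")


def _under(path, root):
    """True if `path` is `root` itself or lies below it ("/" only matches "/")."""
    if root == "/":
        return path == "/"
    return path == root or path.startswith(root.rstrip("/") + "/")


def audit_mounts(inspect_json):
    """Return (container, host_source, destination, reason) findings for bind mounts."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "?").lstrip("/")
        for m in container.get("Mounts", []):
            if m.get("Type") != "bind":
                continue  # named volumes live under Docker's own directory, not a shared host folder
            src, dst = m.get("Source", ""), m.get("Destination", "")
            writable = m.get("RW", True)
            sensitive = [p for p in SENSITIVE_HOST_PATHS if _under(src, p)]
            if sensitive and writable:
                findings.append((name, src, dst, "writable bind mount of sensitive host path"))
            elif sensitive:
                findings.append((name, src, dst, "read-only mount of sensitive host path"))
            elif writable:
                findings.append((name, src, dst, "writable bind mount (consider mounting :ro)"))
    return findings


if __name__ == "__main__":
    # Usage: docker inspect $(docker ps -q) | python audit_mounts.py
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_INSPECT_JSON
    for container, src, dst, reason in audit_mounts(data):
        print(f"{container}: {src} -> {dst}: {reason}")
```

On the constructed sample the script reports the writable /tmp mount and the Docker socket mount; the read-only static folder and the named volume produce nothing. Mounting the Docker socket into a container deserves special attention, because whoever can talk to the socket controls the daemon (see the next section).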

Only authorized users should be able to control the Docker daemon.

First, let's answer the question: what is the Docker daemon?

The so-called dockerd daemon is the beating heart of Docker.

It manages everything related to containers, images, volumes and networks, and it listens for all the API calls made from the command line.

Docker has a client-server architecture.

The client side is the command line, for example:

docker run -d --name container_name image_name

To run the Docker daemon you need root privileges, so on Linux systems you need to use sudo.

An attacker who obtains that root privilege can take over the entire host machine.
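Because talking to dockerd is equivalent to root on the host, the practical check for "only authorized users" is twofold: who may reach the daemon's socket without sudo, and whether the daemon listens anywhere beyond the local Unix socket. The script below is an added example written for this post, not part of Docker or the author's material. It reads the contents of /etc/group (members of the docker group can use the socket without sudo) and of /etc/docker/daemon.json (the `hosts` and `tlsverify` keys are real daemon options); the file contents embedded here are constructed samples, and the script reads the real files only when run with the paths as arguments.

```python
import json
import sys

# Constructed sample /etc/group for a hypothetical host (not from a real system).
SAMPLE_GROUP_FILE = """\
root:x:0:
sudo:x:27:alice
docker:x:999:alice,ci-runner,bob
users:x:100:
"""

# Constructed sample /etc/docker/daemon.json that also exposes the API over
# plain TCP on every interface, without TLS client verification.
SAMPLE_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
  "tls": false
}
"""


def docker_group_members(group_text):
    """Users in the 'docker' group. They can use the socket without sudo,
    which is effectively root on the host, so the list should be reviewed."""
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) == 4 and fields[0] == "docker":
            return [user for user in fields[3].split(",") if user]
    return []


def daemon_listener_findings(daemon_json_text):
    """Flag API listeners reachable beyond the local Unix socket.
    A tcp:// listener without tlsverify lets anyone who can reach the port
    control the daemon, and therefore the host."""
    cfg = json.loads(daemon_json_text) if daemon_json_text.strip() else {}
    tls_verify = bool(cfg.get("tlsverify", False))
    findings = []
    for host in cfg.get("hosts", []):
        if host.startswith("tcp://") and not tls_verify:
            findings.append(f"{host}: TCP listener without tlsverify")
        elif host.startswith("tcp://"):
            findings.append(f"{host}: TCP listener with tlsverify (check who holds client certs)")
    return findings


if __name__ == "__main__":
    # Usage: python audit_daemon.py /etc/group /etc/docker/daemon.json
    if len(sys.argv) == 3:
        group_text = open(sys.argv[1]).read()
        daemon_text = open(sys.argv[2]).read()
    else:
        group_text, daemon_text = SAMPLE_GROUP_FILE, SAMPLE_DAEMON_JSON
    print("docker group members (root-equivalent):", docker_group_members(group_text))
    for finding in daemon_listener_findings(daemon_text):
        print("daemon:", finding)
```

On the constructed input the script lists alice, ci-runner and bob as root-equivalent, and flags the plain TCP listener. The usual remedy is to keep the daemon on the Unix socket only and to treat membership of the docker group exactly like sudo access.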


OS configuration of the container and its dependencies.


Docker images ultimately contain an operating system within themselves.

So, when a Docker container is started from the configured image, it is as if we turned on a laptop with Ubuntu installed.

The vast majority of images are based on Linux, for lightness and efficiency.

However, if we install a package that has a vulnerability, the whole container can be compromised, and perhaps the host too.

Or some setting may be configured, for many reasons, in a way that compromises the container or increases its exposure.


Unofficial Docker images

The images that are the blueprints for the containers are available in the public Docker repository called Docker Hub.

Docker Hub certifies these images and gives us the ability to use them in our projects.

However, the very fact that «Docker offers flexibility using these images» can lead us towards creating vulnerable images.

Official images can be used in two ways:

  1. directly

  2. as a base to build other images

The Trojan horse can show itself in the second case, since in the first case we rely on the reputation of the Docker Hub repository.

When we write layers to build images for our projects, there is a tendency to install other third-party packages.

Using third-party packages increases exposure, because they can contain malicious code without us even realizing it.
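The two previous sections (the OS and packages inside the image, and the third-party layers we add on top of official images) come together in the Dockerfile, so that is where the habits can be caught. The linter below is an added example for this post, not Docker's tooling and not the author's code. It checks a Dockerfile for a floating base tag, a base image not pinned by digest, remote scripts piped into a shell, unpinned pip/apt/npm packages, and the absence of a USER instruction. Two constructed Dockerfiles are embedded: a careless one and a hardened counterpart (whose sha256 digest is an all-zero placeholder, not a real digest).

```python
import re
import sys

# Constructed sample Dockerfile showing the habits discussed above
# (not from the article or any real project).
SAMPLE_DOCKERFILE = """\
FROM ubuntu:latest
RUN apt-get update && apt-get install -y curl
RUN curl -sSL https://example.invalid/install.sh | sh
RUN pip install requests
COPY . /app
CMD ["python3", "/app/main.py"]
"""

# Constructed hardened counterpart: base image pinned by digest (the digest
# here is a placeholder of zeros), package version pinned, non-root USER.
HARDENED_DOCKERFILE = """\
FROM python:3.12-slim@sha256:0000000000000000000000000000000000000000000000000000000000000000
RUN pip install --no-cache-dir requests==2.32.3
COPY . /app
USER 10001
CMD ["python3", "/app/main.py"]
"""

# Package managers and, for each, the test that a package token carries a pinned version.
INSTALL_PATTERNS = (
    (re.compile(r"\bpip3?\s+install\s+(?P<pkgs>.+)"), lambda p: "==" in p),
    (re.compile(r"\bapt(-get)?\s+install\s+(?P<pkgs>.+)"), lambda p: "=" in p),
    (re.compile(r"\bnpm\s+install\s+(?P<pkgs>.+)"), lambda p: re.search(r".@\d", p) is not None),
)
PIPE_TO_SHELL = re.compile(r"\|\s*(sudo\s+)?(ba)?sh\b")
COMMAND_SEPARATOR = re.compile(r"&&|\|\||;|\|")


def audit_dockerfile(text):
    """Return (line_number, message) findings for the given Dockerfile text."""
    findings = []
    has_user = False
    lines = re.sub(r"\\\n", " ", text).splitlines()  # join backslash line continuations
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        instr, _, args = line.partition(" ")
        instr = instr.upper()
        if instr == "FROM":
            image = args.split()[0]
            if "@sha256:" in image:
                pass  # pinned by digest: the base cannot silently change underneath us
            elif ":" not in image or image.endswith(":latest"):
                findings.append((n, "base image tag is floating (no tag or :latest)"))
            else:
                findings.append((n, "base image pinned by tag only, not by digest"))
        elif instr == "RUN":
            if PIPE_TO_SHELL.search(args):
                findings.append((n, "remote script piped into a shell"))
            for pattern, is_pinned in INSTALL_PATTERNS:
                for m in pattern.finditer(args):
                    # only the package list up to the next shell operator
                    pkgs = COMMAND_SEPARATOR.split(m.group("pkgs"))[0].split()
                    for pkg in pkgs:
                        if pkg.startswith("-"):
                            continue  # an option such as -y or --no-cache-dir
                        if not is_pinned(pkg):
                            findings.append((n, f"unpinned package '{pkg}'"))
        elif instr == "USER":
            has_user = True
    if not has_user:
        findings.append((len(lines) + 1, "no USER instruction: processes run as root"))
    return findings


if __name__ == "__main__":
    # Usage: python audit_dockerfile.py path/to/Dockerfile
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_DOCKERFILE
    for n, msg in audit_dockerfile(text):
        print(f"line {n}: {msg}")
```

On the careless sample the script reports five findings (floating tag, unpinned curl, piped install script, unpinned requests, no USER); on the hardened one it reports none. Pinning by digest and version does not make a third-party package trustworthy, but it makes the image reproducible, so what you scanned is what you ship.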


Conclusion:

Docker is a very powerful tool, but as you can see, it can really become the Trojan horse of modern IT at some point.


A thousand thanks.

cipiklevis@gmail.com

+355674907376


©2024 by Klevis Cipi.

Albania, Tirane
