Control: 5.24 Ensure that docker exec commands are not used with the user=root option
Description
You should not use docker exec with the --user=root option.
Using the --user=root option in a docker exec command, executes it within the
container as the root user. This could potentially be insecure, particularly when you are
running containers with reduced capabilities or enhanced restrictions.
For example, if your container is running as a tomcat user (or any other non-root user),
it would be possible to run a command through docker exec as root with the --user=root option. This could potentially be dangerous.
Remediation
You should not use the --user=root option in docker exec commands.
Default Value
By default, the docker exec command runs without the --user option.
Usage
Run the control in your terminal:
powerpipe control run docker_compliance.control.cis_v160_5_24Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run docker_compliance.control.cis_v160_5_24 --shareSQL
This control uses a named query:
exec_docker_exec_command_no_user_root_option