Unprivileged user can gain root privileges

[w194]

I'm not sure how the wheel group is treated in docker-alpine but why does it exist if one can gain root privileges without being member of it?

# docker run -i -t --name="test" alpine /bin/sh
/ # adduser -S testuser
/ # groups testuser
nogroup

# docker start test

# docker exec -it --user=testuser test /bin/sh
/ $ whoami
testuser
/ $ su
/ # whoami
root
/ # groups testuser
nogroup
/ # groups root
root bin daemon sys adm disk wheel floppy dialout tape video
/ # 

In ubuntu-docker this does not work.

[yosifkit]

That just means root has an empty password; the wheel group only matters for the sudo command.

[w194]

Correct. This is the difference to the containers CentOS and Ubuntu where the root password is disabled by default.

Solution is here: #56
just remove the root account completely when you use alpine, it isn't needed anyway.

[zakkg3]

why we dont remove root passwd by default in alpine?
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782

[tianon]

See #511

[w194]

@zakkg3 just delete root user or use another image. don't expect gliderlabs to fix this considering how often this bug was re-introduced...
there are at least 3 issues about this bug. i wouldn't trust this image at all.

[ncopa]

I think its unfair to blame gliderlabs for this one. It was my mistake.