Don't make this container security mistake
Most of us wouldn't dream of running a typical web application as root; if you have to ask why not, your network administrator will kindly, but firmly, explain, "Because security". The root user in Unix has total access to all files on the system, the memory space of all other applications, can start and stop processes, snoop on network traffic, install remote-control backdoors, and everything else besides. root has god-like powers which are unnecessary, inappropriate, and positively dangerous to grant to normal applications.
Got root?
So why are most containers running as root? Liz Rice, in her engaging and accessible new book Container Security (O'Reilly 2020), describes this as "arguably the most insecure-by-default behaviour in the container world," and I am not disposed to argue with her. Since, as she demonstrates, root access to a container is equivalent to root access to the host, then if an attacker can escape the container, they immediately have free rein over everything on the host machine, including all other containers.
"Do you want to be just one line of defense away from an attacker taking over a host?"
Fortunately, this hole is relatively easy to patch (by adding a USER step in the Dockerfile or using flags to docker/runc to override the default user), and Rice's book is packed with such useful and practical information for developers and operators looking to run containerized applications securely in the cloud.
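To make the USER fix checkable in review or CI, here is a small static check, added as an example here and not taken from Rice's book or from this article's author. It reports which user the final stage of a Dockerfile leaves in effect; the function names and sample Dockerfiles are constructed for illustration, and it assumes each FROM names an external base image that does not itself set a non-root USER.

```python
import re

ROOT_NAMES = {"root", "0"}  # USER root, USER 0 and USER 0:0 all mean uid 0

def final_stage_user(dockerfile_text):
    """Return the last USER argument of the final build stage, or None."""
    # Fold backslash line continuations so each instruction is one line.
    text = re.sub(r"\\[ \t]*\n", " ", dockerfile_text)
    user = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        instr = parts[0].upper()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if instr == "FROM":
            # Assumption: FROM names an external image, so the new stage
            # does not carry over a USER set in an earlier stage.
            user = None
        elif instr == "USER" and arg:
            user = arg
    return user

def verdict(dockerfile_text):
    """Classify the image's default user as 'root', 'non-root' or 'unresolved'."""
    user = final_stage_user(dockerfile_text)
    if user is None:
        # Assumption: the base image does not set a non-root USER itself.
        return "root"
    if "$" in user:
        return "unresolved"  # build-time variable; cannot be decided statically
    return "root" if user.split(":", 1)[0] in ROOT_NAMES else "non-root"

# Constructed sample Dockerfiles (not from the book or the article).
NO_USER = "FROM alpine:3.19\nCOPY app /app\nCMD [\"/app\"]\n"
HARDENED = ("FROM alpine:3.19\nRUN adduser -D -u 10001 app\n"
            "COPY app /app\nUSER 10001:10001\nCMD [\"/app\"]\n")
MULTI_STAGE = ("FROM alpine:3.19 AS build\nUSER builder\nRUN make\n"
               "FROM alpine:3.19\nCOPY --from=build /out/app /app\n")
BACK_TO_ROOT = "FROM alpine:3.19\nUSER app\nRUN true\nUSER 0:0\n"

if __name__ == "__main__":
    for name, df in [("no USER", NO_USER), ("hardened", HARDENED),
                     ("multi-stage", MULTI_STAGE), ("back to root", BACK_TO_ROOT)]:
        print(f"{name:13} -> {verdict(df)}")
```

The multi-stage and back-to-root samples are the cases a quick search for "USER" misses: only the last USER of the last stage decides what the container runs as, and a user override passed at run time is outside what this check can see.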
Getting to grips
Currently VP Open Source Engineering at container security vendor Aqua Security (so she should know what she's talking about), Rice is a well-known, award-winning speaker and writer on technical topics. Her approach to communicating complex and sometimes difficult material is a very effective one: instead of just telling you how it all works, she shows you. With step-by-step interactive demonstrations, giving you Linux commands to run and showing you what output you'll see, you'll explore topics like file permissions, setuid, capabilities, cgroups, isolation, namespaces, and virtualization.
This book will give you a thorough grounding in the security principles and techniques you need to know when running containers in production, as well as the threat models affecting containers, how to use image scanners and admission controls, and important security-related technologies such as TLS. Despite being so comprehensive, it's well-written, extremely easy to read and, at just 180pp, pleasantly concise.
No more excuses
'Container Security' has gone straight onto my 'must-read' list for anyone working with containers and cloud native. The field is rife with poor practice and ignorance of the basics, and I'm not really sure why this is. If the excuse has been that there's no practical, readable single book that explains what you need to know, that excuse certainly no longer applies.
The fact of the matter is that container security really isn't that hard. If you understand the principles Rice outlines, and apply them using common sense, you can mitigate the most serious risks. The machinery is there, and all we need to do is use it. Not doing so (or not reading this authoritative book on the subject) is perhaps the most fundamental container security mistake of all.
You can follow Liz Rice on Twitter at @lizrice, or read her website at lizrice.com. John Arundel is @bitfield on Twitter, and the co-author of Cloud Native DevOps with Kubernetes.