skip to Main Content

Assuming:

  • A 3rd party provides a Dockerfile that I do not review
  • I build the Docker image (docker build or similar) on my infrastructure
  • the build has a time limit (e.g. max 5 minutes)

Is this insecure for my infrastructure/machine?

If so, why?

For more context, this is like a CI system where I build customer’s Docker images on my infrastructure.

2

Answers


  1. Generally speaking and without knowing the tool you’re going to use, if you do not review the Dockerfile, it may be insecure.

    But…

    1. You can adopt a widely popular software and tools that, even if you do not check their internals, they are widely spread and use in several contexts and are known to be secure

    2. You can easilly review many Dockerfile available online, e.g. from Docker Hub, because they indicates:

    • the layers that composes the Dockerfile
    • the public repository connected to the Docker image
      So, even if you don not write the Docekrfile, you can see the details of the Docker image and
    Login or Signup to reply.
  2. You are giving arbitrary code access to write to disk, use memory, use up to 5 minutes of CPU time, access the network, and access the same kernel running everything else on the host. There are various attacks I could think of:

    1. An attacker could potentially use the network access to pivot to other internal resources, or spawn lots of builds to DoS external users.
    2. They could potentially use network access for sending spam.
    3. They could trigger a denial of service on the host by exhausting the resources (filling the disk or using all of the memory).
    4. They could launch a fork bomb to exhaust the kernel of resources and make the host inaccessible/crash.
    5. If an exploit is found in the kernel, container runtime, or build tooling, that exploit could potentially give them access to access the host directly.
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search