We take a look at the vulnerability in using the Docker group allowing security exploits that are not logged as there is no need to run sudo. Docker creates a docker group when it is installed. Members of that groups get the rights needed to run docker commands. But nothing is logged. If users need to run docker you are better setting sudo to allow those users access to docker as activities with sudo are logged.

We show that starting a container in privileged mode we are able to to create a user with rights on the local host system and proving it is not logged back to my user account.

sudo docker run ti name bad privileged v /:/host ubuntu chroot /host

Additionally you can find my video courses on Pluralsight: http://pluralsight.com/training/Autho... and take time to see my own site http://www.theurbanpenguin.com

00:00 Intro
01:09 Install Docker
03:08 Add user to docker group
03:50 tail journal log
05:34 docker run exploit

~~~~~~~~~
Please watch: "RHCSA 9 Working With Podman Containers"
   • How To Use Podman Containers  
~~~~~~~~~