No New Privileges Not Set
- Query id: 27fcc7d6-c49b-46e0-98f1-6c082a6a2750
- Query name: No New Privileges Not Set
- Platform: DockerCompose
- Severity: High
- Category: Resource Management
- URL: Github
Description
Ensuring the process does not gain any new privileges lessens the risk associated with many operations.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
version: "3.4"
services:
  service-service-service:
    build:
      context: ./
      dockerfile: service.dockerfile
    ports:
      - "6969:8080"
    networks:
      - service-service-frontend
    restart: always
    security_opt:
      - no-new-privileges:false
networks:
  service-service-frontend:
```
Positive test num. 2 - yaml file
```yaml
version: "3.4"
services:
  service-service-service:
    build:
      context: ./
      dockerfile: service.dockerfile
    ports:
      - "6969:8080"
    networks:
      - service-service-frontend
    restart: always
    security_opt:
      - "apparmor: false"
networks:
  service-service-frontend:
```
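A check in the same spirit as this query, written as an added example (it is not the KICS query's own code). It works on an already-parsed Compose document; the function names, the sample service names, and the decisions to treat a bare `no-new-privileges` entry as enabled and a missing `security_opt` as a finding are assumptions of this example.

```python
import re

# Matches "no-new-privileges", "no-new-privileges:true", "no-new-privileges=false", ...
_NNP = re.compile(r"^\s*no-new-privileges\s*(?:[:=]\s*(\S+))?\s*$", re.IGNORECASE)


def nnp_enabled(security_opt):
    """Return True only if no-new-privileges is present and never disabled."""
    values = []
    for entry in security_opt or []:
        match = _NNP.match(str(entry))
        if match:
            # Assumption of this example: a bare entry counts as "true".
            values.append((match.group(1) or "true").lower())
    # Unrelated options such as "apparmor: false" never satisfy the check.
    return bool(values) and all(v == "true" for v in values)


def find_violations(compose):
    """Return (service, reason) pairs for services lacking the setting."""
    findings = []
    for name, service in (compose.get("services") or {}).items():
        opts = (service or {}).get("security_opt")
        if opts is None:
            findings.append((name, "security_opt is not defined"))
        elif not nnp_enabled(opts):
            findings.append((name, "no-new-privileges is not set to true"))
    return findings


# Constructed sample: the first two services mirror the security_opt values of
# positive tests 1 and 2 above; the other two are added for contrast.
SAMPLE = {
    "services": {
        "positive_test_1": {"security_opt": ["no-new-privileges:false"]},
        "positive_test_2": {"security_opt": ["apparmor: false"]},
        "no_security_opt": {"restart": "always"},
        "hardened": {"security_opt": ["no-new-privileges:true"]},
    }
}

if __name__ == "__main__":
    for service, reason in find_violations(SAMPLE):
        print(f"{service}: {reason}")
```

To run it against a real file, pass in the mapping returned by a YAML loader for `docker-compose.yml`.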