[
https://issues.apache.org/jira/browse/SYNCOPE-1909?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18018109#comment-18018109
]
ASF subversion and git services commented on SYNCOPE-1909:
----------------------------------------------------------
Commit 1b0e522e678f33554ebb03a1c82e5e72450b2015 in syncope's branch
refs/heads/master from Francesco Chicchiriccò
[ https://gitbox.apache.org/repos/asf?p=syncope.git;h=1b0e522e67 ]
[SYNCOPE-1909] Setting USER on all Dockerfile occurrencies
> Docker containers as unprivileged user
> --------------------------------------
>
> Key: SYNCOPE-1909
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1909
> Project: Syncope
> Issue Type: Improvement
> Components: docker
> Reporter: Francesco Chicchiriccò
> Assignee: Francesco Chicchiriccò
> Priority: Major
> Fix For: 3.0.14, 4.0.2, 4.1.0
>
>
> By default Docker containers will run as UID 0, or root.
> This means that if the Docker container is compromised, the attacker will
> have host-level root access to all the resources allocated to the container.
> By using a non-root user, even if the attacker manages to break out of the
> application running in the container, they will have limited permissions if
> the container is running as a non-root user.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
