Control: 5.24 Ensure that docker exec commands are not used with the user=root option
You should not use docker exec with the --user=root option.

Using the --user=root option in a docker exec command executes it within the container as the root user. This could potentially be insecure, particularly when you are running containers with reduced capabilities or enhanced restrictions.

For example, if your container is running as a tomcat user (or any other non-root user), it would be possible to run a command through docker exec as root with the --user=root option. This could potentially be dangerous.

You should not use the --user=root option in docker exec commands.

By default, the docker exec command runs without the
Run the control in your terminal:
steampipe check docker_compliance.control.cis_v160_5_24
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share docker_compliance.control.cis_v160_5_24
This control uses a named query: exec_docker_exec_command_no_user_root_option
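
As an added example (not part of the Steampipe control or the CIS benchmark text), the shell filter below picks out docker exec command lines that request the root user. It goes beyond the literal --user=root form to cover the -u short form and UID 0; the function names, the one-command-per-line input format and the sample lines are assumptions constructed for illustration.

```shell
# Added example, not Steampipe or CIS code. Assumes one whitespace-separated command
# line per input line; clustered short flags with an attached value are not parsed.
is_root_user() {    # true for root, 0, root:GROUP or 0:GID
    case "${1%%:*}" in root|0) return 0 ;; *) return 1 ;; esac
}

exec_as_root() {    # true if the command line is a docker exec run as root
    set -f; set -- $1; set +f    # split into words without globbing
    while [ $# -gt 0 ] && [ "${1##*/}" != docker ]; do shift; done
    if [ $# -gt 0 ]; then shift; fi
    if [ "${1:-}" = container ]; then shift; fi
    if [ "${1:-}" != exec ]; then return 1; fi
    shift
    # Walk exec's own options and stop at the container name, so arguments
    # of the command run inside the container are never inspected.
    while [ $# -gt 0 ]; do
        case "$1" in
            --user=*)          is_root_user "${1#--user=}"; return ;;
            -u?*)              is_root_user "${1#-u}"; return ;;
            -e?*|-w?*)         shift ;;    # option value attached
            -u|--user|-[!-]*u) is_root_user "${2:-}"; return ;;
            -e|--env|--env-file|-w|--workdir|--detach-keys)
                               shift; if [ $# -gt 0 ]; then shift; fi ;;
            -*)                shift ;;    # flags without a value, e.g. -it
            *)                 return 1 ;; # container name reached
        esac
    done
    return 1
}

flag_root_execs() { # print the stdin lines that are root docker exec calls
    while IFS= read -r line; do
        if exec_as_root "$line"; then printf '%s\n' "$line"; fi
    done
}

sample_log() {      # constructed sample input, not from a real host
    cat <<'EOF'
docker exec -it web sh
docker exec --user=root web id
docker exec -it -u 0 web sh
docker exec -e MODE=debug --user root:root web apt-get update
docker exec -u tomcat web id -u root
docker container exec -itu root web sh
docker run --user=root nginx
EOF
}
sample_log | flag_root_execs
```

Feed it command lines from whatever process-audit source you already collect; the fifth sample line shows why parsing stops at the container name, since the -u root there belongs to the id command inside the container.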