Remote code execution (RCE) due to root user in Dockerfile

High Risk infrastructure-security

What it is

When the container runs as root, any remote code execution (RCE) inside it executes with full root privileges, enabling lateral movement, container escape attempts, and host impact via mounted volumes or the Docker socket.

Why it happens

The Dockerfile omits the USER directive, so every process in the container runs as root by default.

Root causes

Default Root User

Omitting the USER directive in Dockerfiles, causing containers to run as root by default.

Convenience Over Security

Running as root to avoid permission issues during development, then never changing it for production.

Legacy Base Images

Using older base images or examples that don't follow modern security practices for non-root containers.

Fixes

1. Create and Use Non-Root User

Add RUN commands to create a dedicated application user and switch to it with the USER directive before CMD.

2. Set Proper File Ownership

Use COPY --chown or RUN chown to ensure application files are owned by the non-root user.

3. Use High-Numbered Ports

Configure applications to listen on ports above 1024, which don't require root privileges to bind.
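The three fixes applied together, as an added example that is not part of the Sourcery rule page: a constructed "before" Dockerfile that runs as root, a constructed "after" Dockerfile with a dedicated user, owned files and an unprivileged port, plus a small POSIX sh check that flags any Dockerfile whose final stage still ends up as root (no USER directive, or a last USER of root/0). The base image, user name, port and file names are assumptions; the check looks only at the last FROM so that a USER set in an earlier build stage does not mask a root final stage.

```shell
#!/bin/sh
# Added example, not code from the rule page. Image, user name and port are assumptions.
set -eu

WORKDIR_TMP="$(mktemp -d)"

# Constructed "before": no USER directive, so the container runs as root.
cat > "$WORKDIR_TMP/Dockerfile.root" <<'EOF'
FROM node:20-alpine
WORKDIR /app
COPY . .
RUN npm ci --omit=dev
EXPOSE 80
CMD ["node", "server.js"]
EOF

# Constructed "after": dedicated user (fix 1), owned files (fix 2), unprivileged port (fix 3).
cat > "$WORKDIR_TMP/Dockerfile.nonroot" <<'EOF'
FROM node:20-alpine
# Fix 1: create a dedicated, non-login application user and group.
RUN addgroup -S app && adduser -S -G app -h /app -s /sbin/nologin app
WORKDIR /app
# Fix 2: copy files already owned by that user instead of chown-ing afterwards.
COPY --chown=app:app . .
RUN npm ci --omit=dev
# Fix 3: listen on a port above 1024, which needs no root privileges to bind.
ENV PORT=8080
EXPOSE 8080
# Fix 1 (cont.): switch to the non-root user before CMD.
USER app
CMD ["node", "server.js"]
EOF

# Constructed multi-stage trap: the builder stage sets USER, the final stage does not.
cat > "$WORKDIR_TMP/Dockerfile.multistage" <<'EOF'
FROM node:20-alpine AS builder
RUN adduser -S build
USER build
WORKDIR /src
COPY . .
RUN npm ci --omit=dev
FROM node:20-alpine
COPY --from=builder /src /app
CMD ["node", "/app/server.js"]
EOF

# Returns 0 (true) when the final build stage of the given Dockerfile runs as root:
# either no USER directive at all, or the last one names root / UID 0.
# Each FROM starts a new stage, which resets the effective user to the image default.
dockerfile_runs_as_root() {
    last_user=$(awk '
        toupper($1) == "FROM" { user = "" }
        toupper($1) == "USER" { user = $2 }
        END { print user }
    ' "$1")
    case "$last_user" in
        ""|root|0|root:*|0:*) return 0 ;;
        *) return 1 ;;
    esac
}

for f in "$WORKDIR_TMP"/Dockerfile.*; do
    if dockerfile_runs_as_root "$f"; then
        echo "FAIL: $(basename "$f") final stage runs as root"
    else
        echo "OK:   $(basename "$f") final stage runs as a non-root user"
    fi
done
```

Run it with `sh check.sh`; the root and multi-stage files are reported as FAIL and the hardened one as OK. The check is deliberately simple (it does not resolve ARG-based USER values or inherit USER from a custom base image), so treat it as a first gate, not a replacement for inspecting the running container with `docker inspect` or `id`.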

Detect This Vulnerability in Your Code

Sourcery automatically identifies remote code execution (RCE) due to root user in Dockerfile and many other security issues in your codebase.