16 lines
767 B
Plaintext
16 lines
767 B
Plaintext
Ownership of an executable has been assigned to a user other than root. More
|
|
often than not, resource owners have write permissions and thus can edit the
|
|
resource.
|
|
|
|
Write permissions enable malicious actors, who got a foothold on the container,
|
|
to tamper with the executable and thus manipulate the container's expected behavior. +
|
|
Manipulating executables could disrupt services or aid in escalating privileges
|
|
inside the container. +
|
|
|
|
This breaches the container immutability principle as it facilitates container
|
|
changes during its life. Immutability, a container best practice, allows for a
|
|
more reliable and reproducible behavior of Docker containers.
|
|
|
|
Resource ownership is not required; executables can be assigned execute
|
|
permissions using `chmod` if needed.
|