
[return to "I got hacked: My Hetzner server started mining Monero"]
1. V__+N4 2025-12-17 21:39:21
>>jakels+(OP)
> The Reddit post I’d seen earlier? That guy got completely owned because his container was running as root. The malware could: [...]

Is that the case, though? My understanding was that even if I run a Docker container as root and the container is 100% compromised, there still would need to be a vulnerability in Docker for it to “attack” the host, or am I missing something?

2. Havoc+y8 2025-12-17 21:55:49
>>V__+N4
I think a root container can talk to the Docker daemon and launch additional containers... with volume mounts of additional parts of the file system, etc. Not particularly confident about that one, though.

3. minite+Y8 2025-12-17 21:58:20
>>Havoc+y8
Unintentional vulnerabilities in Docker and the kernel aside, it can only do that if it has access to the Docker API (usually through a bind mount of the Unix socket). Having access to the Docker API is equivalent to having root on the host.

4. czbond+3c 2025-12-17 22:16:45
>>minite+Y8
Well $hit. I have been using Docker for installing NPM modules in interactive projects I was testing out. I believed Docker blocked access to the underlying host (my computer).

Thanks for mentioning it - but now... how does one deal with this?
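
One way to check a host for the condition comment 3 describes (the Docker API socket reachable from inside a container), as an added example that is not from the thread or any commenter: it parses `docker inspect` JSON and flags socket bind mounts, privileged mode and root users. The container names and paths in the sample are constructed.

```python
import json
import posixpath

# Usual host paths of the Docker API socket (/var/run is normally a symlink to /run).
DOCKER_SOCKETS = ("/var/run/docker.sock", "/run/docker.sock")

def exposes_socket(source):
    """True if a host path is the Docker socket or a directory containing it."""
    src = posixpath.normpath(source)
    prefix = "/" if src == "/" else src + "/"
    return any(s == src or s.startswith(prefix) for s in DOCKER_SOCKETS)

def audit(inspect_json):
    """Map container name -> findings, given `docker inspect` JSON output."""
    report = {}
    for c in json.loads(inspect_json):
        findings = []
        for m in c.get("Mounts") or []:
            # Flagged even if read-only: connect() on a socket is not a filesystem write.
            if m.get("Type") == "bind" and exposes_socket(m.get("Source", "")):
                findings.append("docker-api-exposed via " + m["Source"])
        if (c.get("HostConfig") or {}).get("Privileged"):
            findings.append("privileged")
        # An empty Config.User means the processes start as UID 0.
        user = (c.get("Config") or {}).get("User") or ""
        if user.split(":")[0] in ("", "0", "root"):
            findings.append("runs-as-root")
        report[c.get("Name", "?").lstrip("/")] = findings
    return report

# Constructed sample shaped like `docker inspect` output (not from the thread).
SAMPLE = json.dumps([
    {"Name": "/npm-sandbox", "Config": {"User": "node"},
     "HostConfig": {"Privileged": False},
     "Mounts": [{"Type": "bind", "Source": "/home/dev/project", "RW": True}]},
    {"Name": "/ci-runner", "Config": {"User": ""},
     "HostConfig": {"Privileged": False},
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock", "RW": False}]},
    {"Name": "/agent", "Config": {"User": "0:0"},
     "HostConfig": {"Privileged": True},
     "Mounts": [{"Type": "bind", "Source": "/var/run/", "RW": True},
                {"Type": "volume", "Source": "/var/lib/docker/volumes/d/_data"}]},
])

if __name__ == "__main__":
    import sys
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, findings in audit(data).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```

To audit a live host, pipe the output of `docker inspect $(docker ps -q)` into the script on stdin.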
