Title: How to use Docker from a Linux host system to escalate to root
       Author: Solène
       Date: 19 July 2022
       Tags: security linux docker
       Description: This article explains how to escalate to root in a few
       seconds given your system user can run docker.
       
       # Introduction
       
       It's often said that Docker is not very good with regard to security.
       Let me illustrate a simple way to get root access to your Linux system
       through a docker container.  This may be useful for people who have
       docker available to their user, but whose company doesn't give them
       root access.
       
       This is not a Docker vulnerability being exploited, just plain Docker
       by design.  It is not a way to become root from *within* the container,
       you need to be able to run docker on the host system.
       
       If you use this to break your employer's internal rules, this is
       your problem, not mine.  I write this to raise awareness about why
       giving Docker to system users could be dangerous.
       
       UPDATE: It has been possible to run the Docker daemon as a regular
       user since October 2021.
       
 (HTM) Run the docker daemon as a user
       
       # How to proceed
       
       We will start a simple Alpine docker container, and map the system root
       file system / on the /mnt container directory.
       
       ```shell
       docker run -v /:/mnt -ti alpine:latest
       ```
       
       From there, you can use the command `chroot /mnt` to obtain a root
       shell of your system.
       
       You are now free to use `passwd` to change the root password, or
       `visudo` to edit sudo rules, or you could use the system package
       manager to install extra software you want.
       
       # Some analogy
       
       If you don't understand why this works, here is a funny analogy.  Think
       about being in a room as a human being, but you have a super power that
       allows you to imagine some environment in a box in front of you.
       
       Now, that box (docker) has a specific feature: it permits you to take a
       piece of your current environment (the filesystem) to project it in the
       box itself.  This can be useful if you want to imagine a beach
       environment and still have your desk in it.
       
       Now, project your whole room (the host filesystem) into your box, and
       you are almighty over what's happening in the box, which turns out to
       be your own room (you are root, the super user).
       
       # Conclusion
       
       Users who have access to docker can escalate to root in a few seconds
       and megabytes.
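
Following from the conclusion, here is an added example (not part of the original article) that audits which accounts can reach the Docker daemon socket, since each of them can perform the bind mount shown earlier. The socket path `/var/run/docker.sock`, the function names and the sample accounts are assumptions; the sample group and passwd entries are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): list accounts that can reach
# the Docker daemon socket; each one can run the bind mount shown above.

# docker_capable_users GROUP_FILE PASSWD_FILE GROUP_NAME
# Prints, sorted, supplementary members of GROUP_NAME plus accounts whose
# primary GID is that group (those do not appear in the group's member list).
docker_capable_users() {
    awk -F: -v grp="$3" '
        FILENAME == ARGV[1] {
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        gid != "" && $4 == gid { seen[$1] = 1 }
        END { for (u in seen) print u }
    ' "$1" "$2" | sort
}

# socket_open_to_all MODE: succeeds when the octal MODE grants write to
# "other", which is what connecting to a Unix socket requires on Linux.
socket_open_to_all() {
    case "$1" in *[2367]) return 0 ;; *) return 1 ;; esac
}

# Constructed sample databases, so the logic can be checked offline.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' 'root:x:0:' 'docker:x:998:alice,bob' 'staff:x:50:carol' \
    > "$SAMPLE_DIR/group"
printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'alice:x:1000:1000::/home/alice:/bin/sh' \
    'ci:x:1500:998::/home/ci:/bin/sh' > "$SAMPLE_DIR/passwd"
echo "sample docker-capable accounts:" \
    $(docker_capable_users "$SAMPLE_DIR/group" "$SAMPLE_DIR/passwd" docker)

# Live check, assuming the default rootful socket path /var/run/docker.sock.
SOCK=/var/run/docker.sock
if [ -S "$SOCK" ]; then
    grp=$(stat -c '%G' "$SOCK"); mode=$(stat -c '%a' "$SOCK")
    echo "$SOCK: group=$grp mode=$mode"
    docker_capable_users /etc/group /etc/passwd "$grp"
    if socket_open_to_all "$mode"; then echo "WARNING: any local user can connect"; fi
fi
```

Treat every account it prints as root-equivalent on that host. It reads only the local `/etc/group` and `/etc/passwd`, so accounts supplied by a directory service such as LDAP are not covered.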