
SDK & ASP.Net images contain files & directories with insecure permissions #1454

Closed

Description

Steps to reproduce the issue

  1. docker run -ti mcr.microsoft.com/dotnet/core/sdk:2.1-bionic
  2. find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -ls # <-- find world-writable directories without the sticky bit set
  3. find / -xdev -type f -perm -o+w -ls # <-- find world-writable files
  4. find / -xdev \( -nouser -o -nogroup \) -ls # <-- find files without a registered user or group

Expected behavior

Should be no output

Actual behavior

Here is a non-exhaustive list of dangerous files/directories:
https://pastebin.ubuntu.com/p/P7Kgq6WTf3/

Some of the files in question are .Net DLLs, which I suspect could be used to gain a foothold on a container running externally-facing services and then used to pivot to gain greater access.

Additional information (e.g. issue happens only occasionally)

This affects -aspnet and -sdk variants of the Docker images, but didn't affect the -runtime versions when I tested.

Output of docker version

Not terribly relevant, but here you go:

Client: Docker Engine - Community
 Version:           19.03.4
 API version:       1.40
 Go version:        go1.12.10
 Git commit:        9013bf583a
 Built:             Fri Oct 18 15:52:22 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.4
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.10
  Git commit:       9013bf583a
  Built:            Fri Oct 18 15:50:54 2019
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.5
  GitCommit:        bb71b10fd8f58240ca47fbb579b9d1028eea7c84
 runc:
  Version:          1.0.0-rc6+dev
  GitCommit:        2b18fe1d885ee5083ef9f0838fee39b62d653e30
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

Output of docker info

Client:
 Debug Mode: false

Server:
 Containers: 356
  Running: 1
  Paused: 0
  Stopped: 355
 Images: 1413
 Server Version: 19.03.4
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: bb71b10fd8f58240ca47fbb579b9d1028eea7c84
 runc version: 2b18fe1d885ee5083ef9f0838fee39b62d653e30
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-1062.4.1.el7.x86_64
 Operating System: Red Hat Enterprise Linux
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 15.28GiB
 Name: REDACTED
 ID: REDACTED
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
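The three checks from the reproduction steps above, packaged as a single audit function that exits non-zero when anything is found, so it can gate an image build in CI. This is an added example, not code from the issue or from the dotnet-docker project; the directory layout in the comments is an assumption.

```sh
#!/bin/sh
# audit_perms ROOT
#   Reports the three permission problems described in the issue under ROOT:
#     WW_DIR_NO_STICKY  world-writable directory without the sticky bit
#     WW_FILE           world-writable regular file
#     UNOWNED           file whose uid/gid has no passwd/group entry
#   Returns 0 when nothing is found, 1 otherwise.
# Run it as `audit_perms /` inside the container under test. It also works on an
# unpacked rootfs (e.g. from `docker export`), but note that -nouser/-nogroup
# consult the passwd/group database of the host running find, so the UNOWNED
# check is only meaningful when run inside the image itself.
audit_perms() {
  root="${1:-/}"
  findings=$(
    find "$root" -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null \
      | sed 's/^/WW_DIR_NO_STICKY /'
    find "$root" -xdev -type f -perm -o+w -print 2>/dev/null \
      | sed 's/^/WW_FILE /'
    find "$root" -xdev \( -nouser -o -nogroup \) -print 2>/dev/null \
      | sed 's/^/UNOWNED /'
  )
  if [ -z "$findings" ]; then
    echo "OK: no insecure permissions under $root"
    return 0
  fi
  printf '%s\n' "$findings"
  return 1
}
```

In a build pipeline, `docker run --rm IMAGE sh -c "$(cat audit.sh); audit_perms /"` fails the job on any finding.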
