From 626b4775ba99bb90ce2c9a6318d6d7cabd433e91 Mon Sep 17 00:00:00 2001
From: Andre Henn
Date: Tue, 12 Dec 2023 14:42:59 +0100
Subject: [PATCH] Remove setuid and setgid permissions in the images to prevent privilege escalation attacks within containers

---
 Dockerfile | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 8a91cb1..a17538a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -136,6 +136,10 @@ RUN cd $CATALINA_HOME/lib \
 # copy scripts
 COPY *.sh /opt/
+
+# CIS Docker benchmark: Remove setuid and setgid permissions in the images to prevent privilege escalation attacks within containers.
+RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true
+
 # GeoServer user => restrict access to $CATALINA_HOME and GeoServer directories
 # See also CIS Docker benchmark and docker best practices
 RUN chmod +x /opt/*.sh \
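Review bot: The trailing `|| true` on the added `RUN find / -perm /6000 ...` line hides every failure of the hardening step, so a build where the strip did not run, or only partly ran, still succeeds and ships setuid/setgid binaries. The errors it is presumably there to tolerate come from `find /` walking `/proc` and `/sys`; restricting the walk to the root filesystem removes that noise and lets a real failure break the build: `RUN find / -xdev -perm /6000 -type f -exec chmod a-s {} +`. The step also only covers files that exist at this point in the build, and the `RUN chmod +x /opt/*.sh \` that follows continues outside the hunk, so if any later step installs packages this should move to be the last root-run instruction before `USER`. A short comment naming the CIS Docker Benchmark recommendation number would make the control easier to audit than the generic "CIS Docker benchmark" reference.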