Remove setuid and setgid permissions in the images to prevent privilege escalation attacks within containers

2023-12-12 14:42:59 +01:00 · 2023-12-12 14:42:59 +01:00 · 626b4775ba
parent b108b4be06
commit 626b4775ba
1 changed files with 4 additions and 0 deletions
--- a/4
+++ b/4
@ -136,6 +136,10 @@ RUN cd $CATALINA_HOME/lib \

 # copy scripts
 COPY *.sh /opt/
+
+# CIS Docker benchmark: Remove setuid and setgid permissions in the images to prevent privilege escalation attacks within containers.
+RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true
+
 # GeoServer user => restrict access to $CATALINA_HOME and GeoServer directories
 # See also CIS Docker benchmark and docker best practices
 RUN chmod +x /opt/*.sh \