Assuming:
- A 3rd party provides a `Dockerfile` that I do not review
- I build the Docker image (`docker build` or similar) on my infrastructure
- the build has a time limit (e.g. max 5 minutes)
Is this insecure for my infrastructure/machine?
If so, why?
For more context, this is like a CI system where I build customer's Docker images on my infrastructure.
You are giving arbitrary code access to write to disk, use memory, use up to 5 minutes of CPU time, access the network, and access the same kernel running everything else on the host. There are various attacks I could think of:
- An attacker could potentially use the network access to pivot to other internal resources, or spawn lots of builds to DoS external users.
- They could potentially use network access for sending spam.
- They could trigger a denial of service on the host by exhausting the resources (filling the disk or using all of the memory).
- They could launch a fork bomb to exhaust the kernel of resources and make the host inaccessible/crash.
- If an exploit is found in the kernel, container runtime, or build tooling, that exploit could potentially give them access to the host directly.
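An added example (not part of the original answer) of how a build host might constrain such a build against the network and resource-exhaustion points above: no network for build steps, a hard time limit, and a parent cgroup that must already cap memory and process count. It assumes cgroup v2 with Docker's cgroupfs cgroup driver and GNU `timeout`; the cgroup name `untrusted-builds`, the `CGROUP_ROOT` override and the function names are hypothetical.

```shell
# Added example, not from the original post. Assumptions: cgroup v2 with the
# cgroupfs driver, and a hypothetical pre-created cgroup "untrusted-builds".
CGROUP_ROOT="${CGROUP_ROOT:-/sys/fs/cgroup}"
BUILD_CGROUP="${BUILD_CGROUP:-untrusted-builds}"   # hypothetical name
BUILD_TIMEOUT="${BUILD_TIMEOUT:-300}"              # the 5-minute limit, in seconds

# Refuse to build unless the parent cgroup caps memory and process count.
# In cgroup v2 the literal value "max" means "no limit".
cgroup_is_capped() {
  for knob in memory.max pids.max; do
    f="$CGROUP_ROOT/$BUILD_CGROUP/$knob"
    [ -r "$f" ] || { echo "missing $f" >&2; return 1; }
    [ "$(cat "$f")" != "max" ] || { echo "$knob is unlimited" >&2; return 1; }
  done
}

# Print the constrained build command, one argument per line.
untrusted_build_argv() {
  # $1 = build context directory, $2 = image tag
  [ -f "$1/Dockerfile" ] || { echo "no Dockerfile in $1" >&2; return 2; }
  printf '%s\n' \
    timeout --kill-after=10 "$BUILD_TIMEOUT" \
    docker build \
    --network=none \
    --cgroup-parent="$BUILD_CGROUP" \
    --no-cache --tag "$2" "$1"
}

# Run the build only if the preflight check passes.
build_untrusted() {
  cgroup_is_capped || return 1
  argv=$(untrusted_build_argv "$1" "$2") || return 2
  # Split on newlines only, so arguments containing spaces survive.
  old_ifs=$IFS; IFS='
'
  set -f; set -- $argv; set +f; IFS=$old_ifs
  "$@"
}
```

These controls do not cover filling the disk, and they do nothing about the last point in the answer: the build still runs on the same kernel as everything else on the host.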