P0: su-exec in Docker entrypoint may fail silently — container runs as root #4
Reference: null/Queue-North-Website#4
No description provided.
Fixed in 7d476f3. Replaced su-exec with USER nodejs directive in Dockerfile. Container now runs as nodejs user by default with no su-exec fallback to root.

Hudson security review (post-fix): 7162a26

Issues #6 and #10 passed review — no further action needed.

Final remediation (7c145bc):
- chmod 777 on /app/db and /app/logs → now uses chown -R nodejs:nodejs
- su-exec call → entrypoint now detects root vs non-root
- USER nodejs + CMD) but is safe if re-enabled

All audit fixes for this issue are complete and verified.
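The root vs non-root detection and the chown step described in the comments above, as an added example that is not the project's entrypoint script. The function names `plan_start` and `entrypoint` and the variables `APP_USER` and `APP_DIRS` are assumptions; the user name and directories are the ones named in this issue.

```shell
#!/bin/sh
# Added example, not the repository's entrypoint. APP_USER, APP_DIRS,
# plan_start and entrypoint are hypothetical names chosen for illustration.
APP_USER="${APP_USER:-nodejs}"
APP_DIRS="${APP_DIRS:-/app/db /app/logs}"

# plan_start UID HAVE_SUEXEC -> prints how the app may be launched.
plan_start() {
    uid="$1"; have_suexec="$2"
    if [ "$uid" -ne 0 ]; then
        echo direct      # already unprivileged (USER nodejs in the Dockerfile)
    elif [ "$have_suexec" = yes ]; then
        echo drop        # root, but privileges can be dropped
    else
        echo refuse      # root with no way to drop: fail closed
    fi
}

entrypoint() {
    if command -v su-exec >/dev/null 2>&1; then have=yes; else have=no; fi
    case "$(plan_start "$(id -u)" "$have")" in
        direct)
            exec "$@" ;;
        drop)
            # Give the app user ownership instead of opening the dirs to
            # everyone with chmod 777. APP_DIRS is split on spaces on purpose.
            chown -R "$APP_USER:$APP_USER" $APP_DIRS || return 1
            # If exec itself fails the shell exits non-zero; it never
            # continues on to start the app as root.
            exec su-exec "$APP_USER" "$@" ;;
        refuse)
            echo "entrypoint: uid 0 and su-exec not found, refusing to start" >&2
            return 1 ;;
    esac
}

# Act only when a command was passed (ENTRYPOINT plus CMD in a container).
if [ "$#" -gt 0 ]; then
    entrypoint "$@"
fi
```
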