Skip to main content

Giving `sudo` rights to a user allows privilege escalation attacks

  • GG_ID: GG_IAC_0010
  • Severity: CRITICAL
  • Complexity: LOW
  • Categories: PERMISSION
  • Providers: Docker
  • Potential data exposure: True
  • Visible in logs: False
  • User interaction required: False
  • Privileges required: False


'RUN' should not use 'sudo' as it can lead to unpredictable behavior.


'sudo' can lead to unpredictable behavior. If sudo is run from a non-root user, it means the user has been given sudo rights which is similar to running as root. If sudo is run from root to a non-root user, an exploit exists to run arbitrary code as root.

Remediation guidelines#

'USER' can be used to switch user and if functionalities similar to sudo are absolutely needed, such as initializing the daemon as root but running it as non-root, consider using “gosu”.

External documentation#