SQ40102
Detected container images that contain files with setuid or setgid permissions.
| priority | CI/CD status | severity | effort | SAFE level | SAFE assessment |
|---|---|---|---|---|---|
|  | pass | medium | medium | None | None |
About the issue
Containers are a simple, yet powerful approach to process and filesystem isolation. When configured correctly, a container runs a set of processes isolated from their host system. Containers typically run as executables or as services, but regardless of their use, they must be properly secured. One security concept that fosters isolation is the principle of least privilege, meaning that a container should be given only those privileges needed to complete its task. An executable with the setuid or setgid bit set runs with the privileges of the file's owner or group rather than those of the user who launched it, so such files can increase the attack surface for privilege escalation attacks.
How to resolve the issue
- When possible, remove any unnecessary setuid/setgid permissions from executable files, e.g. by running 'chmod' near the end of your Dockerfile, after all packages and binaries have been installed.
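The following script is an added example, not ReversingLabs' or Spectra Assure's own code. It shows how to audit a filesystem tree (such as an exported image root filesystem) for files carrying the setuid or setgid bit, and how to strip those bits with the same `find`/`chmod` combination you would place in a `RUN` step near the end of a Dockerfile. The sample tree it builds under a temporary directory is constructed for the demonstration; the file names in it are not taken from any real image.

```shell
#!/bin/sh
# Added example (not from the original page): audit and strip setuid/setgid
# bits in a directory tree. The sample tree is constructed below; the paths
# and file names are made up for the demo.

# List regular files under $1 with the setuid (4000) or setgid (2000) bit set,
# one path per line, sorted for stable output. POSIX find syntax is used so
# the same test works on GNU and BSD find.
list_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# Number of such files (tr removes the leading spaces BSD wc prints).
count_setid_files() {
    list_setid_files "$1" | wc -l | tr -d ' '
}

# Remove both bits from every matching file. This is the same command a
# Dockerfile remediation step would run, e.g.:
#   RUN find / -xdev -type f \( -perm -4000 -o -perm -2000 \) \
#         -exec chmod u-s,g-s {} +
strip_setid_bits() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -exec chmod u-s,g-s {} +
}

# Build a constructed sample root filesystem: two set-id executables and one
# plain executable. Prints the directory path so callers can inspect/clean it.
make_sample_rootfs() {
    sample_root=$(mktemp -d)
    mkdir -p "$sample_root/usr/bin" "$sample_root/opt/app"
    printf '#!/bin/sh\necho sample\n' > "$sample_root/usr/bin/tool-suid"
    printf '#!/bin/sh\necho sample\n' > "$sample_root/usr/bin/tool-sgid"
    printf '#!/bin/sh\necho sample\n' > "$sample_root/opt/app/run"
    chmod 4755 "$sample_root/usr/bin/tool-suid"   # setuid
    chmod 2755 "$sample_root/usr/bin/tool-sgid"   # setgid
    chmod 0755 "$sample_root/opt/app/run"         # ordinary executable
    printf '%s\n' "$sample_root"
}

# Stand-alone demo: run with SETID_DEMO=1 to see the before/after listing.
if [ "${SETID_DEMO:-}" = "1" ]; then
    root=$(make_sample_rootfs)
    echo "set-id files before remediation:"
    list_setid_files "$root"
    strip_setid_bits "$root"
    echo "set-id files after remediation: $(count_setid_files "$root")"
    rm -rf "$root"
fi
```

To audit a real image rather than the sample tree, export its filesystem (for example with `docker create` followed by `docker export`) into a directory and pass that directory to `list_setid_files`. Note that a `chmod` in a later Dockerfile layer changes the file as seen in the merged filesystem, but the earlier layer that introduced the set-id file is still part of the image unless the build is squashed, so it is cleaner to strip the bits in the same layer that installs the packages, or to use a multi-stage build.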
Incidence statistics
ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes. Analysis results are used to calculate incidence statistics for issues (policy violations) that Spectra Assure can detect in software packages.
This section is updated when new data becomes available.
Total number of packages analyzed
- RubyGems: 183K
- NuGet: 644K
- PyPI: 628K
- NPM: 3.72M
Recommended reading
- Linux permissions: SUID, SGID, and sticky bit (External resource - Red Hat)
- Privilege escalation (External resource - Wikipedia)