P0: su-exec in Docker entrypoint may fail silently — container runs as root #4

Open
opened 2026-05-13 20:39:36 -05:00 by null · 0 comments
Owner

Severity: P0 — Critical

File: docker-entrypoint.sh ~line 16

Problem: su-exec nodejs node server/index.js assumes the user exists. If UID/GID 1001 conflicts, su-exec may fail silently and the container runs as root.

Impact: Security vulnerability — container runs as root instead of the intended non-root user.

Fix: Add explicit check that su-exec succeeded, or use gosu with error handling.
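One way to make the privilege drop fail closed, as an added example that is not the project's docker-entrypoint.sh. It assumes an image with su-exec and a `nodejs` account, both named in the issue; the function names and the `PASSWD_FILE` override are hypothetical.

```shell
#!/bin/sh
# Added example: fail-closed privilege drop for a container entrypoint.
# PASSWD_FILE is overridable only so the lookup can be exercised on a constructed file.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"

# Print the numeric UID of user $1, or return 1 if there is no such entry.
lookup_uid() {
    awk -F: -v u="$1" '$1 == u { print $3; found = 1; exit } END { exit !found }' "$PASSWD_FILE"
}

# Return 0 only if $1 exists and maps to a numeric, non-root UID.
check_runtime_user() {
    uid=$(lookup_uid "$1") || { echo "entrypoint: user '$1' not found in $PASSWD_FILE" >&2; return 1; }
    case "$uid" in
        ''|*[!0-9]*) echo "entrypoint: user '$1' has malformed UID '$uid'" >&2; return 1 ;;
    esac
    [ "$uid" -ne 0 ] || { echo "entrypoint: user '$1' maps to UID 0" >&2; return 1; }
}

# Drop to user $1 and exec the remaining arguments; every failure exits
# non-zero so the command is never started with the entrypoint's own UID.
run_as() {
    user=$1; shift
    check_runtime_user "$user" || exit 1
    command -v su-exec >/dev/null 2>&1 || { echo "entrypoint: su-exec not installed" >&2; exit 1; }
    # Prove the drop works before handing over PID 1.
    effective=$(su-exec "$user" id -u) || { echo "entrypoint: su-exec failed for '$user'" >&2; exit 1; }
    [ "$effective" = "$(lookup_uid "$user")" ] || { echo "entrypoint: got UID $effective, not '$user'" >&2; exit 1; }
    exec su-exec "$user" "$@"
}

# Act only when installed as the image entrypoint, so the functions can be sourced and tested.
case "$0" in
    *docker-entrypoint.sh) run_as nodejs node server/index.js ;;
esac
```

Because the last step is `exec`, a failing su-exec ends the container with a non-zero status rather than letting a later line of the script start the server.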

Reference: null/Queue-North-Website#4