What is the Docker security risk of /var/run/docker.sock?

Asked by 温柔的废话, 2020-12-31 19:01

In this blog article, I found the quote below in a comment:

Ben Firshman:

Yes – you're right I should have pointed out the security issue

4 answers
  •  鱼传尺愫, 2020-12-31 19:12

    The accepted answer supplied a great explanation, so I won't repeat any of the details regarding the fact that you're mounting a file owned by root.

    Maybe the following example is trivial to some readers, but I'm surprised nobody mentioned it.

    Remember the fact that you have access to a very special file on the host - docker.sock.

    So if you install Docker inside your container:

    apt-get update  
    apt-get install docker.io -y
    

    Or as a one-liner with the container creation:

    docker run -it -v /var/run/docker.sock:/var/run/docker.sock ubuntu:latest sh -c  "apt-get update ; apt-get install docker.io -y ; bash"
    

    (Inside the container, check with docker ps that you can see the other containers running on the host.)

    Now you have full control over the other containers in your host.
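The answer above installs the docker CLI inside the container to prove the point, but the CLI is only a convenience: the socket is the Docker Engine HTTP API, and any process that can connect() to it gets the same access. The following is an added example, not code from the post or from the Docker project. It talks to the socket with the Python standard library (the Engine API paths `/version` and `/containers/json` are real endpoints), and adds the check a practitioner wants on the defensive side: a scan of `docker inspect` output for containers that were started with the socket bind-mounted. The `docker inspect` sample and the container names `ci-runner` and `web` are constructed for the example. The RW flag of the mount is reported but not filtered on, because a Unix socket on a read-only bind mount can still be connected to, so `:ro` does not reduce the API access.

```python
"""Added example (not from the original post): reach a bind-mounted
/var/run/docker.sock over the Docker Engine HTTP API without installing the
docker CLI, and scan `docker inspect` output for containers that mount it."""
import http.client
import json
import os
import socket

DOCKER_SOCK = "/var/run/docker.sock"  # the path the post bind-mounts


class UnixHTTPConnection(http.client.HTTPConnection):
    """http.client connection over a Unix domain socket instead of TCP."""

    def __init__(self, sock_path, timeout=10):
        super().__init__("localhost", timeout=timeout)  # host only feeds the Host: header
        self.sock_path = sock_path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.settimeout(self.timeout)
        self.sock.connect(self.sock_path)


def engine_get(path, sock_path=DOCKER_SOCK):
    """GET an Engine API path (e.g. /containers/json); returns (HTTP status, parsed JSON)."""
    conn = UnixHTTPConnection(sock_path)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, json.loads(resp.read())
    finally:
        conn.close()


def docker_socket_reachable(sock_path=DOCKER_SOCK):
    """True if sock_path exists and a daemon answers GET /version on it."""
    if not os.path.exists(sock_path):
        return False
    try:
        status, _ = engine_get("/version", sock_path)
    except (OSError, ValueError):
        return False
    return status == 200


def list_containers(sock_path=DOCKER_SOCK):
    """Equivalent of `docker ps` from inside the container: GET /containers/json.
    Returns (short id, image, names) for every running container on the host."""
    status, containers = engine_get("/containers/json", sock_path)
    if status != 200:
        raise RuntimeError(f"/containers/json returned HTTP {status}")
    return [(c["Id"][:12], c["Image"], c["Names"]) for c in containers]


def socket_mounts(inspect_output, sock_path=DOCKER_SOCK):
    """Defensive check: given parsed `docker inspect <containers...>` output (a
    list of container objects), return (name, destination, rw) for each bind
    mount whose host source is the Docker socket.  rw is reported, not filtered
    on, since the socket is connectable through a read-only bind mount as well."""
    hits = []
    for c in inspect_output:
        for m in c.get("Mounts", []):
            if m.get("Type") == "bind" and m.get("Source") == sock_path:
                hits.append((c["Name"].lstrip("/"), m.get("Destination"),
                             bool(m.get("RW", True))))
    return hits


# Constructed sample in the shape of `docker inspect` output: one container
# started the way the post shows, one with only a named volume.
SAMPLE_INSPECT = [
    {
        "Name": "/ci-runner",
        "Mounts": [
            {"Type": "bind", "Source": "/var/run/docker.sock",
             "Destination": "/var/run/docker.sock", "Mode": "", "RW": True},
        ],
    },
    {
        "Name": "/web",
        "Mounts": [
            {"Type": "volume", "Name": "webdata",
             "Source": "/var/lib/docker/volumes/webdata/_data",
             "Destination": "/data", "RW": True},
        ],
    },
]

if __name__ == "__main__":
    print("containers mounting the socket (sample):", socket_mounts(SAMPLE_INSPECT))
    if docker_socket_reachable():
        for short_id, image, names in list_containers():
            print(short_id, image, names)
    else:
        print(f"{DOCKER_SOCK} is not reachable from this process")
```

Run `docker inspect $(docker ps -q) > inspect.json` on the host and feed `json.load(open("inspect.json"))` to `socket_mounts()` to list every running container that has the socket; inside a container that was started as in the post, `list_containers()` returns the host's container list with no package installed.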
