@christophetd
Last active June 13, 2024 15:31
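# Stage 1: compile a small helper that switches to root and spawns a shell.
# The heredoc form of RUN used below requires BuildKit.
FROM alpine:3.20 AS builder
WORKDIR /build
RUN cat > escalate.c <<EOF
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <errno.h>

int main(void) {
    // Escalate to root (relies on the setuid/setgid bits set in the runner stage)
    setreuid(0, 0); setregid(0, 0);

    // Spawn a shell with a minimal, fixed environment
    char* const argv[] = {"/bin/sh", NULL};
    char* const environ[] = {"PATH=/bin:/sbin:/usr/bin:/usr/sbin", NULL};
    if (-1 == execve("/bin/sh", argv, environ)) {
        printf("Unable to execve /bin/sh, errno %d\n", errno);
    }
}
EOF
# Print the generated source in the build log
RUN cat /build/escalate.c
RUN apk add --no-cache gcc musl-dev
RUN gcc escalate.c -Wall -o escalate

# Stage 2: runtime image that ships the helper but runs as an unprivileged user.
FROM alpine:3.20 AS runner
WORKDIR /app
COPY --from=builder /build/escalate ./escalate
# Make the helper root-owned with the setuid and setgid bits set
RUN chown root:root ./escalate && chmod +s ./escalate
RUN adduser app-user --uid 1000 --system --disabled-password --no-create-home
# Drop to the non-root user for the container's main process
USER app-user
ENTRYPOINT ["sh", "-c", "echo Application running && sleep infinity"]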