# COMPOSE-SEC-010: Using Host IPC Mode

> **Severity:** MEDIUM | **CWE:** CWE-250

- **Language:** Docker Compose
- **Category:** Security
- **URL:** https://codepathfinder.dev/registry/docker-compose/security/COMPOSE-SEC-010
- **Detection:** `pathfinder scan --ruleset docker-compose/COMPOSE-SEC-010 --project .`

## Description

This rule detects services using `ipc: host`, which disables IPC (Inter-Process
Communication) namespace isolation. The container then shares System V shared
memory segments, semaphores, and message queues with the host system, which can
enable information disclosure and interference with host processes.

## Vulnerable Code

```yaml
services:
  app:
    image: myapp
    ipc: host  # Shares IPC namespace with host
```

## Detection Rule (Python SDK)

```python
from rules.container_decorators import compose_rule
from rules.container_matchers import service_has


@compose_rule(
    id="COMPOSE-SEC-010",
    name="Using Host IPC Mode",
    severity="MEDIUM",
    cwe="CWE-250",
    category="security",
    tags="docker-compose,compose,ipc,host-ipc,security,isolation,namespace,shared-memory,information-disclosure",
    message="Service uses host IPC namespace. Container shares inter-process communication with host."
)
def host_ipc_mode():
    """
    Detects services using host IPC namespace.

    Sharing the host IPC namespace allows the container to access
    shared memory segments, semaphores, and message queues from
    host processes, potentially exposing sensitive data.
    """
    return service_has(
        key="ipc",
        equals="host"
    )
```

## How to Fix

- Review your Dockerfile and docker-compose.yml to address the host IPC mode issue (remove `ipc: host` from the flagged service)
- Follow Docker official best practices for image building
- Use `docker build --check` to validate Dockerfile syntax and best practices
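A static scan only covers files in the repository; containers already running on a host may have been started with the same setting. As an added example (not part of this page or of Code Pathfinder), the Python below reads `docker inspect` JSON and reports containers whose `HostConfig.IpcMode` is `host`. The `SAMPLE_INSPECT` document is a constructed, trimmed-down version of real `docker inspect` output; `audit_live_host` assumes the `docker` CLI is on `PATH`.

```python
"""Runtime audit for containers sharing the host IPC namespace (added example)."""
import json
import subprocess
from typing import Any, Dict, List

# Constructed sample containing only the `docker inspect` fields this audit reads.
SAMPLE_INSPECT: str = json.dumps([
    {"Id": "a1b2", "Name": "/app_1",    "HostConfig": {"IpcMode": "host"}},
    {"Id": "c3d4", "Name": "/db_1",     "HostConfig": {"IpcMode": "private"}},
    {"Id": "e5f6", "Name": "/cache_1",  "HostConfig": {"IpcMode": "shareable"}},
    {"Id": "0708", "Name": "/legacy_1", "HostConfig": {}},  # key absent: engine default
])


def containers_with_host_ipc(inspect_json: str) -> List[str]:
    """Return sorted container names whose HostConfig.IpcMode is 'host'."""
    findings: List[str] = []
    for container in json.loads(inspect_json):
        host_config: Dict[str, Any] = container.get("HostConfig") or {}
        mode = host_config.get("IpcMode", "")
        if isinstance(mode, str) and mode.strip().lower() == "host":
            # docker inspect reports names with a leading slash; strip it for readability
            name = container.get("Name") or container.get("Id", "?")
            findings.append(name.lstrip("/"))
    return sorted(findings)


def audit_live_host() -> List[str]:
    """Inspect every running container on this host and return the offenders.

    `docker inspect` with no arguments fails, so an empty container list is
    handled before calling it.
    """
    ids = subprocess.run(
        ["docker", "ps", "-q"], capture_output=True, text=True, check=True
    ).stdout.split()
    if not ids:
        return []
    output = subprocess.run(
        ["docker", "inspect", *ids], capture_output=True, text=True, check=True
    ).stdout
    return containers_with_host_ipc(output)


if __name__ == "__main__":
    for name in containers_with_host_ipc(SAMPLE_INSPECT):
        print(f"container '{name}' is running with IpcMode=host")
```

The same `IpcMode` field can be read directly with `docker inspect --format '{{.HostConfig.IpcMode}}' <container>`, which is handy for a one-off check before adding this to a scheduled audit.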

## Security Implications

- **Semaphore Manipulation:** host semaphores become visible to the container:

  ```bash
  ipcs -s  # List semaphores
  # Can potentially cause deadlocks or race conditions
  ```

- **Message Queue Interception:** host message queues become visible to the container:

  ```bash
  ipcs -q  # List message queues
  # Can read/modify IPC messages
  ```

- **Information Disclosure:** shared memory may contain sensitive data such as:
  - Database connection pools
  - Session data
  - Cache contents
  - Cryptographic keys

## FAQ

**Q: Why does this rule flag using host ipc mode?**

Service uses host IPC namespace. Container shares inter-process communication with host.

**Q: How do I fix this?**

Review the vulnerable code example above and apply the recommended fix to your Dockerfile or docker-compose.yml.

## References

- [CWE-250: Execution with Unnecessary Privileges](https://cwe.mitre.org/data/definitions/250.html)
- [Docker IPC Namespace Documentation](https://docs.docker.com/engine/security/#ipc-mode)
- [System V IPC man pages](https://man7.org/linux/man-pages/man7/sysvipc.7.html)

---

Source: https://codepathfinder.dev/registry/docker-compose/security/COMPOSE-SEC-010
Code Pathfinder — Open source, type-aware SAST with cross-file dataflow analysis
