I'm confused--what's the security risk in building a container?
Telstrom90•3d ago
You're running untrusted code. Every RUN command in a user's Dockerfile is executed during build, which means you're executing arbitrary commands from strangers on your own infrastructure. If you're not isolating that properly, it's a security risk.
adastra22•3d ago
Inside the container though. The whole point of which is that it sandboxes and isolates the running code.
amluto•4h ago
Maybe the default form of RUN is kinda sorta safe [0].
How about ADD? Or COPY? Or RUN —-mount=type=bind,rw…?
Over the last ten years or so we’ve progressed from subtle-ish security holes due to memory unsafety and such to shiny tools in shiny safe languages that have absolutely gaping security and isolation holes by design. Go us.
[0] There is some serious wishful thinking involved there.
RainyDayTmrw•4h ago
This blog post[1] explains why that is not a safe assumption.
adastra22•3d ago
Telstrom90•3d ago
adastra22•3d ago
amluto•4h ago
How about ADD? Or COPY? Or RUN —-mount=type=bind,rw…?
Over the last ten years or so we’ve progressed from subtle-ish security holes due to memory unsafety and such to shiny tools in shiny safe languages that have absolutely gaping security and isolation holes by design. Go us.
[0] There is some serious wishful thinking involved there.
RainyDayTmrw•4h ago
[1]: https://www.aquasec.com/blog/container-isolation/
bilbo-b-baggins•14m ago
The same risks that running an unknown container has - are had by building one.
For reference there have been quite a few CVEs related to container escape: https://www.paloaltonetworks.com/blog/cloud-security/leaky-v...