But security-wise, running it in a container is better than running it without isolation. IMHO.
And of course, no one asks you to get this image built by a 3rd party, since the Dockerfile is open; just build it yourself ;-)
Containers are great for development and production on your own infrastructure, or shared infrastructure like GCE or AWS. Security can be had from doing inspected builds, self signing, etc.
For consumers, however, it's a completely different ballgame.
By the time serious hacking is an issue through Steam, I'd expect containers will be that much better anyhow. For all they can be criticized, and regardless of whether you think some other approach would have been better, they're getting the "trial by fire" treatment. By hook or by crook, in another year or two I expect they'll be as secure as you could ask for.
I think kordless is claiming that using Docker here could increase the severity of an attack; otherwise it doesn't seem like putting up another barrier could hurt security, even if it is later broken.
What I actually meant is that I'd rather run a process isolated (separated) from other processes and the file-system space (and the other isolation features which cgroups are giving us); I don't mean isolation from the host system.
With cgroups/namespaces it's process isolation (or separation, whatever wording you prefer). In the Linux kernel documentation they also use the isolation wording. ;-)
The image build instructions are pretty easy to audit. And I trust Docker (to an extent).
So in my mind it's safer, but not absolutely safe. I just view it as another layer of security :)