undefined | Better HN

0 pointslabster1y ago0 comments

You know the rules, and so do I.

0 comments

I know I prefer my exploits to come from opaque corners of package formats or docker layers as bofh intended. The more indirect handoffs of trust the merrier.

Timber-65391y ago

Docker is at least sandboxed by default and requires sudo password to run commands.

dv_dt1y ago

There are advantages to docker, but also disadvantages. Definitely the same w/ "curl | sh" That's all I was trying to allude to, tongue in cheek.

freeone30001y ago

But it requires sudo or effective-sudo to run any command, making such a measure worthless

j / k navigate · click thread line to collapse

0 comments

dv_dt1y ago

I know I prefer my exploits to come from opaque corners of package formats or docker layers as bofh intended. The more indirect handoffs of trust the merrier.

Timber-65391y ago

Docker is at least sandboxed by default and requires sudo password to run commands.

dv_dt1y ago

There are advantages to docker, but also disadvantages. Definitely the same w/ "curl | sh" That's all I was trying to allude to, tongue in cheek.

freeone30001y ago

But it requires sudo or effective-sudo to run any command, making such a measure worthless

j / k navigate · click thread line to collapse