[email protected] at 2014-12-23T17:21:02Z

For some reason, I predict one or more urgent updates to Docker in the next few weeks.

https://titanous.com/posts/docker-insecurity

Stephen Michael Kellat , Christopher Allan Webber , Claes Wallin (韋嘉誠) like this.

Stephen Michael Kellat , Christopher Allan Webber , Claes Wallin (韋嘉誠) shared this.


Wow.

Docker’s report that a downloaded image is “verified” is based solely on the presence of a signed manifest, and Docker never verifies the image checksum from the manifest. An attacker could provide any image alongside a signed manifest. This opens the door to a number of serious vulnerabilities.

Maybe someone read this XKCD comic and mistook it for good practice.

Christopher Allan Webber at 2014-12-23T22:44:49Z

[email protected] , olm-e , Jason Self , Stephen Michael Kellat like this.
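To make the distinction in the quoted paragraph concrete, here is an added example (not code from the thread, from Docker, or from the linked titanous post). It models the two checks side by side: a verifier that reports "verified" as soon as the manifest signature checks out, and one that also recomputes each layer's digest and compares it to the manifest. The manifest layout (`fsLayers` / `blobSum`) is a constructed, simplified stand-in for a real image manifest, and an HMAC over the manifest bytes stands in for the real signature scheme; the layer contents and key are constructed demo values.

```python
import hashlib
import hmac
import json

# Constructed demo key; stands in for whatever key actually signs manifests.
SIGNING_KEY = b"demo-manifest-signing-key"


def sign_manifest(manifest_bytes: bytes) -> str:
    """Produce a stand-in signature (HMAC-SHA256) over the manifest bytes."""
    return hmac.new(SIGNING_KEY, manifest_bytes, hashlib.sha256).hexdigest()


def signature_valid(manifest_bytes: bytes, signature: str) -> bool:
    """Check the manifest signature in constant time."""
    return hmac.compare_digest(sign_manifest(manifest_bytes), signature)


def blob_digest(blob: bytes) -> str:
    """Digest of one layer, in the 'sha256:<hex>' form the manifest lists."""
    return "sha256:" + hashlib.sha256(blob).hexdigest()


def verify_manifest_only(manifest_bytes: bytes, signature: str, layers: list) -> bool:
    """The flawed behaviour described above: 'verified' means only that the
    manifest signature is good. The downloaded layers are never compared to it."""
    return signature_valid(manifest_bytes, signature)


def verify_manifest_and_layers(manifest_bytes: bytes, signature: str, layers: list) -> bool:
    """Corrected check: a good manifest signature is necessary but not sufficient;
    every downloaded layer must match the digest the signed manifest names."""
    if not signature_valid(manifest_bytes, signature):
        return False
    manifest = json.loads(manifest_bytes)
    expected = [entry["blobSum"] for entry in manifest["fsLayers"]]
    if len(expected) != len(layers):
        return False  # extra or missing layers are a mismatch too
    return all(
        hmac.compare_digest(want, blob_digest(got))
        for want, got in zip(expected, layers)
    )


def build_signed_image():
    """Constructed sample: two genuine layers and a manifest signed over their digests."""
    genuine_layers = [b"layer 0: base filesystem (constructed)",
                      b"layer 1: application files (constructed)"]
    manifest = {
        "name": "example/app",
        "tag": "latest",
        "fsLayers": [{"blobSum": blob_digest(layer)} for layer in genuine_layers],
    }
    manifest_bytes = json.dumps(manifest, sort_keys=True).encode()
    return manifest_bytes, sign_manifest(manifest_bytes), genuine_layers


def demo() -> dict:
    """Run both verifiers against the genuine layers and against a set where one
    layer has been replaced while the signed manifest is served unchanged."""
    manifest_bytes, signature, genuine = build_signed_image()
    swapped = [genuine[0], b"layer 1: different content served with the same manifest"]
    return {
        "manifest_only/genuine": verify_manifest_only(manifest_bytes, signature, genuine),
        "manifest_only/swapped": verify_manifest_only(manifest_bytes, signature, swapped),
        "full_check/genuine": verify_manifest_and_layers(manifest_bytes, signature, genuine),
        "full_check/swapped": verify_manifest_and_layers(manifest_bytes, signature, swapped),
        "full_check/bad_signature": verify_manifest_and_layers(manifest_bytes, "00" * 32, genuine),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {'verified' if result else 'REJECTED'}")
```

The point the example makes is the one in the quote: the signature binds the manifest, and the manifest binds the layers only if something actually compares each layer to its listed digest. The manifest-only verifier accepts the swapped layer set; the full check rejects it, and also rejects a manifest whose signature does not verify.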

Combine:

  • It seems pretty easy to escalate oneself out of the docker container (I saw @joeyh do it, and I think it's been done multiple other times before)
  • "verifying signatures" without doing so at all
  • a container system which is closer to VMs in heaviness but seems to be mistaken by many for a solution where you want to dockerize a whole OS

... well, it's not a pretty picture. At least the Docker hype is exciting people about the possibility of other container solutions!

Christopher Allan Webber at 2014-12-23T22:47:17Z

Claes Wallin (韋嘉誠) , [email protected] , Stephen Michael Kellat like this.

@cwebber does Docker count as a container solution after this? You could elide "other" above. /snark

Mike Linksvayer at 2014-12-23T23:17:27Z

Claes Wallin (韋嘉誠) , Christopher Allan Webber like this.