I’ve mentioned this before: this is one of the oncoming trains for corp-security.

Reply to I’ve mentioned this before: this is one of the oncoming trains for corp-security. on Mon, 01 Jun 2026 15:45:07 GMT

aj@techhub.social — Mon, 01 Jun 2026 15:45:07 GMT

@webhat @haroonmeer also add: "don't say anything about goblins"

Reply to I’ve mentioned this before: this is one of the oncoming trains for corp-security. on Mon, 01 Jun 2026 15:05:52 GMT

shadur@mastodon.sandwich.net — Mon, 01 Jun 2026 15:05:52 GMT

@haroonmeer Will this still work if docker is not run as root but as an unprivileged user?

Reply to I’ve mentioned this before: this is one of the oncoming trains for corp-security. on Mon, 01 Jun 2026 14:41:12 GMT

phnt@fluffytail.org — Mon, 01 Jun 2026 14:41:12 GMT

@feld @haroonmeer Why are we so worried about agents using this when the user had the rights in the first place? Agents/LLMs should change nothing in that equation.

Reply to I’ve mentioned this before: this is one of the oncoming trains for corp-security. on Mon, 01 Jun 2026 14:39:11 GMT

feld@friedcheese.us — Mon, 01 Jun 2026 14:39:11 GMT

@haroonmeer why are we so worried about agents using this when this was already the first thing any attacker would do?

Pop a shell on Linux, check for docker group access. That makes life very easy.

Reply to I’ve mentioned this before: this is one of the oncoming trains for corp-security. on Mon, 01 Jun 2026 13:58:57 GMT

fuzzyfuzzyfungus@cyberplace.social — Mon, 01 Jun 2026 13:58:57 GMT

@mdione @haroonmeer Honestly, I can see the appeal of docker as a sort of web services oriented package manager; but it's terrifying to see people treating it as though it's a VM-tier isolation tool or security boundary. It's certainly not impossible to use it in ways that provide at least some protection from container contents; but the overall intent is much closer to easing dependency wrangling and keeping configs contained than to hard isolation.

Reply to I’ve mentioned this before: this is one of the oncoming trains for corp-security. on Mon, 01 Jun 2026 13:40:57 GMT

fuzzyfuzzyfungus@cyberplace.social — Mon, 01 Jun 2026 13:40:57 GMT

@mdione @haroonmeer Docker can map to a user other than root; but it leaves whether or not it does so up to you. I'm not sure if there's some specialty lockdown config that tightens this; but by default docker doesn't even seem to intend to protect the host from the user; and leaves it up to the user whether they want any actual protection from container contents or not.

Understanding the Docker USER Instruction | Docker

Discover best practices and common pitfalls associated with the Docker USER instruction. Also get a hands-on demo to learn the importance of these practices.

Docker (www.docker.com)

Reply to I’ve mentioned this before: this is one of the oncoming trains for corp-security. on Mon, 01 Jun 2026 13:08:02 GMT

kumarvibe@mastodon.social — Mon, 01 Jun 2026 13:08:02 GMT

@haroonmeer @jackeric agents are very clever. I’ve seen them try all kinds of things like this just to “get the task done.” I’ve only noticed because I put them in sandbox-exec.

Reply to I’ve mentioned this before: this is one of the oncoming trains for corp-security. on Mon, 01 Jun 2026 08:54:10 GMT

expertenkommision_cyberunfall@mastodon.social — Mon, 01 Jun 2026 08:54:10 GMT

@mdione @stux @haroonmeer

Feels like sabotage

Reply to I’ve mentioned this before: this is one of the oncoming trains for corp-security. on Mon, 01 Jun 2026 08:51:45 GMT

mdione@en.osm.town — Mon, 01 Jun 2026 08:51:45 GMT

@haroonmeer but isn't the docker's `root` user mapped to a host's transient normal user?

Reply to I’ve mentioned this before: this is one of the oncoming trains for corp-security. on Mon, 01 Jun 2026 08:50:30 GMT

mdione@en.osm.town — Mon, 01 Jun 2026 08:50:30 GMT

@expertenkommision_cyberunfall @stux @haroonmeer and some corps forces us to do it.

Reply to I’ve mentioned this before: this is one of the oncoming trains for corp-security. on Mon, 01 Jun 2026 05:49:56 GMT

expertenkommision_cyberunfall@mastodon.social — Mon, 01 Jun 2026 05:49:56 GMT

@stux @haroonmeer

And corp encourages them to do do.

Reply to I’ve mentioned this before: this is one of the oncoming trains for corp-security. on Mon, 01 Jun 2026 05:12:08 GMT

cgudrian@social.tchncs.de — Mon, 01 Jun 2026 05:12:08 GMT

@haroonmeer As a last resort it would have probably tried running the copyfail exploit.

Reply to I’ve mentioned this before: this is one of the oncoming trains for corp-security. on Mon, 01 Jun 2026 03:56:37 GMT

tdelmas@mamot.fr — Mon, 01 Jun 2026 03:56:37 GMT

@haroonmeer at least it didn't use the latest linux exploit

Reply to I’ve mentioned this before: this is one of the oncoming trains for corp-security. on Mon, 01 Jun 2026 00:33:47 GMT

ahhhhhhhhhhh@mastodon.social — Mon, 01 Jun 2026 00:33:47 GMT

@haroonmeer feeling less stupid for being paranoid enough to not add my user to the docker group.

Reply to I’ve mentioned this before: this is one of the oncoming trains for corp-security. on Sun, 31 May 2026 23:57:37 GMT

stux@mstdn.social — Sun, 31 May 2026 23:57:37 GMT

@haroonmeer People are willingly installing malware now, heck.. they’re even paying for it

Reply to I’ve mentioned this before: this is one of the oncoming trains for corp-security. on Sun, 31 May 2026 23:05:47 GMT

megatronicthronbanks@mastodon.social — Sun, 31 May 2026 23:05:47 GMT

@haroonmeer

Yeah it's like Cliff Stoll and sendmail all over anew (yes I'm that old). Docker frequently writes root owned files to the FS. We are a dumb species.

Reply to I’ve mentioned this before: this is one of the oncoming trains for corp-security. on Sun, 31 May 2026 22:41:12 GMT

raymaccarthy@mastodon.ie — Sun, 31 May 2026 22:41:12 GMT

@webhat @haroonmeer
ha ha ha
Uninstalling the Agent is the only solution.

Reply to I’ve mentioned this before: this is one of the oncoming trains for corp-security. on Sun, 31 May 2026 22:32:32 GMT

timwardcam@c.im — Sun, 31 May 2026 22:32:32 GMT

@haroonmeer I had a problem with corporate security theatre getting in the way of something I needed to do.

So I asked the corporate provided AI how to get round the corporate security theatre.

And instead of reporting me to security it gave me some code. (Which, in the nature of AI generated code, didn't actually work, but it did give me the clue necessary to write my own code which did work.)

Reply to I’ve mentioned this before: this is one of the oncoming trains for corp-security. on Sun, 31 May 2026 21:41:33 GMT

n_dimension@infosec.exchange — Sun, 31 May 2026 21:41:33 GMT

@rickf @haroonmeer @TindrasGrove

Still no use case for #Ai and apparently #LLM are useless...

(I should start a file of these)

Reply to I’ve mentioned this before: this is one of the oncoming trains for corp-security. on Sun, 31 May 2026 21:26:50 GMT

wydamn@social.linux.pizza — Sun, 31 May 2026 21:26:50 GMT

@haroonmeer I mean, right away the solution would be podman, not docker. Podman doesn't require root level privs to run.

Reply to I’ve mentioned this before: this is one of the oncoming trains for corp-security. on Sun, 31 May 2026 21:05:40 GMT

netraven@hear-me.social — Sun, 31 May 2026 21:05:40 GMT

@haroonmeer I wasn't even aware codex ran locally? I thought it was just in the browser with shitty github connections.

Reply to I’ve mentioned this before: this is one of the oncoming trains for corp-security. on Sun, 31 May 2026 20:41:13 GMT

rickf@indieweb.social — Sun, 31 May 2026 20:41:13 GMT

@haroonmeer @TindrasGrove

I am so glad I’m no longer in the operational security world anymore ….. these problems are going to grow exponentially* and so will the corresponding burnout.

* on top of the ongoing usual problems that should’ve been fixed / addressed 20 years ago but still haven’t.

Reply to I’ve mentioned this before: this is one of the oncoming trains for corp-security. on Sun, 31 May 2026 20:26:27 GMT

nholzschuch@piaille.fr — Sun, 31 May 2026 20:26:27 GMT

@haroonmeer @temptoetiam that’s also the end of parental control, I guess.

Reply to I’ve mentioned this before: this is one of the oncoming trains for corp-security. on Sun, 31 May 2026 20:14:22 GMT

webhat@infosec.exchange — Sun, 31 May 2026 20:14:22 GMT

@haroonmeer they need to add: "Don't hack stuff" to the prompt, that will protect them