I’ve mentioned this before: this is one of the oncoming trains for corp-security.
-
@mdione @haroonmeer Docker can map to a user other than root; but it leaves whether or not it does so up to you. I'm not sure if there's some specialty lockdown config that tightens this; but by default docker doesn't even seem to intend to protect the host from the user; and leaves it up to the user whether they want any actual protection from container contents or not.
Understanding the Docker USER Instruction | Docker
Discover best practices and common pitfalls associated with the Docker USER instruction. Also get a hands-on demo to learn the importance of these practices.
Docker (www.docker.com)
@mdione @haroonmeer Honestly, I can see the appeal of docker as a sort of web services oriented package manager; but it's terrifying to see people treating it as though it's a VM-tier isolation tool or security boundary. It's certainly not impossible to use it in ways that provide at least some protection from container contents; but the overall intent is much closer to easing dependency wrangling and keeping configs contained than to hard isolation.
-
I’ve mentioned this before: this is one of the oncoming trains for corp-security. We’ve long failed at least-privilege, but weren’t often punished for it.
Helen in HR (or Bob in accounts) didn’t know what to do with the extra perms they didn’t know they had.
Their agents will.
@haroonmeer why are we so worried about agents using this when this was already the first thing any attacker would do?
Pop a shell on Linux, check for docker group access. That makes life very easy. -
@haroonmeer why are we so worried about agents using this when this was already the first thing any attacker would do?
Pop a shell on Linux, check for docker group access. That makes life very easy.@feld @haroonmeer Why are we so worried about agents using this when the user had the rights in the first place? Agents/LLMs should change nothing in that equation. -
I’ve mentioned this before: this is one of the oncoming trains for corp-security. We’ve long failed at least-privilege, but weren’t often punished for it.
Helen in HR (or Bob in accounts) didn’t know what to do with the extra perms they didn’t know they had.
Their agents will.
@haroonmeer Will this still work if docker is not run as root but as an unprivileged user?
-
R relay@relay.infosec.exchange shared this topic
-
@haroonmeer they need to add: "Don't hack stuff" to the prompt, that will protect them
@webhat @haroonmeer also add: "don't say anything about goblins"
