back to article Batten down the patches: New vuln found in Docker container tech

More security woes plagued users of the Docker application containerization tech for Linux this week, after an earlier security patch was found to have introduced a brand-new critical vulnerability in the software. The Docker 1.3.2 update, which was released in November to address critical bugs that could be exploited by an …

  1. Anonymous Coward
    Anonymous Coward

    To be expected

    This is what happens when security is not designed in from the start.

    Add in the systemd monolith running in PID1 and you have security breaches on an epic scale simply waiting to happeN.

    Linux had better get their house in order if they don't want to be seen as a bigger joke than they already are.

    If you thought Heartbleed was bad, you haven't seen anything yet...

    1. Anonymous Coward
      Holmes

      Re: To be expected

      Troll much? And not very subtle are you, squeezing a systemd blast into a comment on a Docker article.

      Back to Trolling 101 class for you, Coward.

      1. Anonymous Coward
        Anonymous Coward

        Re: To be expected

        This troll is correct. Systemd is relevant here; Docker is driving a lot of the buzz around it. And these Docker vulns, W-T-F... these aren't arcane virtualization issues, these are just stupid Unix tricks biting these guys in the ass. (Judging by what I read, anyway... I don't actually *use* any of this shite.)

        1. Ben Tasker Silver badge

          Re: To be expected

          There's a lot of excitement over Docker, but it does seem like they're letting some truly trivial vulnerabilities through the door, it's not exactly re-assuring.

        2. Anonymous Coward
          Holmes

          Re: To be expected

          @tnovelli - "This troll is correct. Systemd is relevant here"

          No. There is a lot of buzz around systemd integration with Docker, but Docker works just fine on Ubuntu under upstart and on other non-systemd systems (Slackware and Gentoo for example). Upstart seems to handle automatic starting and restarting of containers similar to systemd. I wouldn't move to a distro running systemd just to use Docker.

    2. Anonymous Coward
      Anonymous Coward

      Re: To be expected

      "Linux had better get their house in order if they don't want to be seen as a bigger joke than they already are."

      Quite. It still uses fundamentally insecure approaches like SUDO instead of proper constrained delegation. Having your security functionality dependent on what file system version your OS lives on LOL? It's out of the dark ages. Linux should take a look at the Windows security model which is in general vastly superior to the Linux one and take a similar approach.

      1. Robert Helpmann??
        Childcatcher

        Re: To be expected

        Having your security functionality dependent on what file system version your OS lives on LOL?

        So how is that not the case elsewhere? You will have a hard time enforcing ACLs on a drive formatted with some derivative of FAT (current examples include most thumb drives), even if you are using Windows. Sure, it would be better to bake encryption into Docker containers, and yes, Windows might offer some examples of a valid direction in which to proceed, but I would not be anxious to recreate the oft-confused difference between granting rights on a network share and rights to the contents of the share.

  2. frank ly

    Pre-flight checks

    Maybe they should run it past Tõnis Tiigi before they go public. He seems to be good at this.

  3. This post has been deleted by its author

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022