• Dasnap@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    The amount of the internet and cloud infrastructure that is built on public Docker images makes this… worrying.

    • Ellie@lemmy.silkky.dev
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      This isn’t really surprising and isn’t actually a real security issue with Docker itself or any of the popular public images. Docker Hub is a public registry so people inexperienced with Docker accidentally include secrets in their images and upload it to Docker Hub, this is actually pretty well known and the Docker docs specifically warn people about this.

      • Fryboyter@discuss.tchncs.deOP
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        How can you be sure it doesn’t affect popular images? The probability may be lower, but I don’t think you can rule it out.

        • Ellie@lemmy.silkky.dev
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          The most popular images on Docker Hub are official / library images, they are curated and monitored by Docker for best practices and security vulnerabilities. I’m not saying that means you should trust them completely, it’s always best practice to read the source of an image before you use it.

        • deejay4am@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          2
          ·
          1 year ago

          This doesn’t mean that YOUR secrets are exposed by using the image, btw - this means that whomever built that image would be accidentally exposing their secrets.

          Unless you built the image and added your secrets to it and then uploaded it to a public Docker registry. But again, that’s not a flaw in Docker.