Subj : Re: MysticBBS on NAS (NFS or iSCSI)
To   : deon
From : esc
Date : Wed Nov 09 2022 12:17 am

 de> I see and hear many people think "docker" = "not secure" - primarily
 de> because of the lack of understanding of this docker group.

Per docker's own documentation:

"Warning: The docker group grants privileges equivalent to the root user. For details on how this impacts security in your system, see Docker Daemon Attack Surface."

Docker containers also share the same kernel as the host as well as a number of other resources. So yes, it's containerized, but not like...qemu, for example.

Anyway Docker is a very common attack surface due to how widespread it is. When doing pentests it has always been one of the initial details to enumerate. *shrug*

I think the confusion is people hear "container" and they think everything becomes completely isolated, which is not the case.

 de> Like anything deployed on a publicly network connected system, you
 de> should understand the security around what you are deploying before
 de> trusting it implicitly.

Agreed! I don't think a lot of people do this, though. :(

 de> That said, I've been primarily using docker for many years now, on many
 de> systems, and I've never been compromised. In fact, I think the last time
 de> I was compromised (probably 10+ years ago now) I concluded that they got
 de> in via a vulnerability in SSH (that machine only had ssh and nginx on
 de> it).

Nice. I was compromised a number of years ago because of php. Go figure. :/

--- Mystic BBS v1.12 A48 2022/07/11 (Linux/64)
 * Origin: m O N T E R E Y b B S . c O M (21:4/173)
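
Added example, not part of the message above or of Docker's documentation: one way to audit the quoted point that docker group membership is root-equivalent. It lists every account in the docker group (supplementary members and accounts whose primary GID is the group's) and flags those that hold no other admin group; the sample /etc/group and /etc/passwd contents, the account names and the ADMIN_GROUPS list are constructed assumptions.

```python
# Constructed sample data in /etc/group and /etc/passwd format; names are hypothetical.
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice
docker:x:998:alice,ci-runner
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
ci-runner:x:1002:1002::/home/ci-runner:/usr/sbin/nologin
mystic:x:1003:998::/home/mystic:/bin/bash
bob:x:1004:1004::/home/bob:/bin/bash
"""
ADMIN_GROUPS = ("sudo", "wheel")  # assumption: groups that already imply admin rights

def parse_group(text):
    """Parse /etc/group format into {name: (gid, [members])}."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4 and fields[2].isdigit():
            groups[fields[0]] = (int(fields[2]), [m for m in fields[3].split(",") if m])
    return groups

def members_of(name, groups, passwd_text):
    """Supplementary members plus accounts whose primary GID is the group's."""
    if name not in groups:
        return set()
    gid, members = groups[name]
    found = set(members)
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4 and fields[3] == str(gid):
            found.add(fields[0])
    return found

def audit_docker_group(group_text, passwd_text):
    """Return (all docker-group accounts, those with no other admin group)."""
    groups = parse_group(group_text)
    docker = members_of("docker", groups, passwd_text) - {"root"}
    admins = set().union(*(members_of(g, groups, passwd_text) for g in ADMIN_GROUPS))
    return sorted(docker), sorted(docker - admins)

if __name__ == "__main__":
    everyone, unexpected = audit_docker_group(SAMPLE_GROUP, SAMPLE_PASSWD)
    print("docker group (root-equivalent):", everyone)
    print("no other admin group, review these:", unexpected)
```

On a real host, pass the contents of /etc/group and /etc/passwd instead of the samples; accounts that come from LDAP or another directory service will not appear in those files.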