• 14 Posts
  • 773 Comments
Joined 4 years ago
cake
Cake day: January 21st, 2021

help-circle

  • The Linux kernel is less secure for running untrusted software than a VM because most hypervisors have a far smaller attack surface.

    how many serious organization destroying vulnerabilities have there been? It is pretty solid.

    The CVEs differ? The reasons that most organizations don’t get destroyed is that they don’t run untrusted software on the same kernels that process their sensitive information.

    whatever proprietary software thing you think is best

    This is a ridiculous attack. I never suggested anything about proprietary software. Linux’s KVM is pretty great.


  • I think assuming that you are safe because you aren’t aware of any vulnerabilities is bad security practice.

    Minimizing your attack surface is critical. Defense in depth is just one way to minimize your attack surface (but a very effective one). Putting your container inside a VM is excellent defense in depth. Putting your container inside a non-root user barely is because you still have one Linux kernel sized hole in your swiss-cheese defence model.


  • I never said it was trivial to escape, I just said it wasn’t a strong security boundary. Nothing is black and white. Docker isn’t going to stop a resourceful attacker but you may not need to worry about attackers who are going to spend >$100k on a 0-day vulnerability.

    The Linux kernel isn’t easy to exploit as if it was it wouldn’t be used so heavily in security sensitive environments

    If any “security sensitive” environment is relying on Linux kernel isolation I don’t think they are taking their sensitivity very seriously. The most security sensitive environments I am aware of doing this are shared hosting providers. Personally I wouldn’t rely on them to host anything particularly sensitive. But everyone’s risk tolerance is different.

    use podman with a dedicated user for sandboxing

    This is only every so slightly better. Users have existed in the kernel for a very long time so may be harder to find bugs in but at the end of the day the Linux kernel is just too complex to provide strong isolation.

    There isn’t any way to break out of a properly configured docker container right now but if there were it would mean that an attacker has root

    I would bet $1k that within 5 years we find out that this is false. Obviously all of the publicly known vulnerabilities have been patched. But more are found all of the time. For hobbyist use this is probably fine, but you should acknowledge the risk. There are almost certainly full kernel-privilege code execution vulnerabilities in the current Linux kernel, and it is very likely that at least one of these is privately known.


  • It is. Privilege escalation vulnerabilities are common. There is basically a 100% chance of unpatched container escapes in the Linux kernel. Some of these are very likely privately known and available for sale. So even if you are fully patched a resourceful attacker will escape the container.

    That being said if you are a low-value regular-joe patching regularly, the risk is relatively low.


  • kevincox@lemmy.mltoSelfhosted@lemmy.worldSecurity and docker
    link
    fedilink
    English
    arrow-up
    15
    arrow-down
    2
    ·
    2 days ago

    Docker (and Linux containers in general) are not a strong security boundary.

    The reason is simply that the Linux kernel is far too large and complex of an interface to be vulnerability free. There are regular privilege escalation and container escapes found. There are also frequent Docker-specific container escape vulnerabilities.

    If you want strong security boundaries you should use a VM, or even better separate hardware. This is why cloud container services run containers from different clients in different VMs, containers are not good enough to isolate untrusted workloads.

    if Gossa were to be a virus, would I have been infected?

    I would assume yes. This would require the virus to know an unpatched exploit for Linux or Docker, but these frequently appear. There are likely many for sale right now. If you aren’t a high value target and your OS is fully patched then someone probably won’t burn an exploit on you, but it is entirely possible.





  • This is a great point, but it probably doesn’t do the job as well as more modern alternatives.

    1. Easy to lose, possible data leak concerns.
    2. Easy to retain data that should have been deleted.
    3. Easy to lose data if a disk gets lost or damaged.
    4. Likely wastes time when trying to track down the disk you need to getting someone to transfer it.
    5. Lack of access logs and auditing capabilities.
    6. Easy way for viruses to spread.

    Modern IT managed file servers solve a lot of real problems when well-managed.



  • There are a few reasons. Some of them are in the users’ interest. Lots of people phrase their search like a question. “How do I turn off the wifi on my blue windows 11 laptop?”

    While ignoring stopwords like “the” and “a” has been common for a while there is lots of info here that the user probably doesn’t actually care about. “my” is probably not helping the search, “how” may not either. Also in this case “blue” is almost certainly irrelevant. So by allowing near matches search engines can get the most helpful articles even if they don’t contain all of the words.

    Secondly search engines often allow stemming and synonym matching. This isn’t really ignoring words but can give the appearance of doing so. For example maybe “windows” gets stemmed to “window” and “laptop” is allowed to match with “notebook”. You may get an article that is talking about a window of opportunity and writing in notebooks and it seems like these words have been ignored. This is generally helpful as often the best result won’t have used the exact same words that you did in the query.

    Of course then there are the more negative reasons.

    1. Someone decided that you can’t buy anything if your product search returns no results. So they decided that they will show the “closest matches” even if nothing is anywhere close. This is infuriating and I have stopped using many sites because of it.
    2. If you need to make more searches or view more pages you also see more ads.

  • There are some password managers where you need to either manually look up passwords and copy+paste or autotype them or select the correct password from a dropdown. Some of these will come with an optional browser extension which mitigates this but some don’t really tract domain metadata in a concrete way to do this linking.

    Some examples would be Pass which doesn’t have any standard metadata for domain/URL info (although some informal schemes are used by various tools including browser-integration extensions) and KeePass which has the metadata but doesn’t come with a browser extension by default.





  • Tips for being secure online:

    1. Use your browser’s password manager to generate random passwords.
    2. In the rare case you need to manually enter your password into a site or app be very suspicious and very careful.
    3. Never give personal information to someone who calls or emails you. If necessary look up the contact info of who called you yourself and call them back before divulging and details. Keep in mind that Caller ID and the From address of emails can be faked.
    4. Update software regularly. Security problems are regularly fixed.

    That’s really all you need. You don’t even need 2FA, it is nice extra security but if you use random passwords and don’t enter your passwords into phishing sites it is largely unnecessary.


  • I’m not an expert on modern alarm systems but it seems that it is very common and fairly inexpensive to have cellular data backup. Not every system has it, but many do. In that case cutting the main connection will likely result in someone appearing on site fairly quickly.

    Many cameras also have some form of local buffering. So even if you are gone before someone does show up you still may find yourself recorded.

    But at the end of the day just put a bag over your head and you can be gone by the time anyone shows up without leaving a meaningful trace. Other than the very top-end system security systems just keep the honest people honest.