Rocket, a new container runtime from CoreOS

Posted Dec 2, 2014 12:02 UTC (Tue) by ibukanov (subscriber, #3942)
Parent article: Rocket, a new container runtime from CoreOS

> running primarily as root on your server.

This is even worse. There are management images that ask to pass the docker daemon socket into the container. They use that, for example, to collect logs for all containers. As a result, people get used not only to running randomly downloaded images but also to running random images that can trivially get full root access to the host.

On the other hand, an apparent docker success implies once again that one does not need to provide any security to be popular.
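The point in the comment above, that handing a container the daemon socket amounts to handing it root on the host, is something an administrator can at least audit for. The script below is an added example for this thread, not code from the LWN article, the commenter or CoreOS: it walks records shaped like `docker inspect` output (the three records embedded here are constructed samples) and flags any container whose bind mounts expose the daemon's control socket, or that runs with `Privileged` set. The socket paths it checks are an assumption for common installs; extend the set for your own hosts.

```python
"""Flag containers that have been handed the Docker daemon socket.

Added example, not code from the article or from Docker/CoreOS.  Works on
records shaped like `docker inspect` output; the sample records below are
constructed for the demonstration.
"""
import json
import os
from typing import Dict, List

# Where the daemon's control socket usually lives.  Assumed defaults; a host
# that puts the socket elsewhere needs its path added here.
DOCKER_SOCKET_PATHS = {"/var/run/docker.sock", "/run/docker.sock"}

# Constructed sample: what `docker inspect` returns for three containers.
SAMPLE_INSPECT: List[dict] = [
    {   # A "log collector" that asked for the daemon socket.  The ":ro" option
        # is no protection: a socket is connected to, not read, so the client
        # still gets the full remote API.
        "Name": "/log-collector",
        "HostConfig": {
            "Binds": ["/var/run/docker.sock:/var/run/docker.sock:ro",
                      "/var/log:/host/log:ro"],
            "Privileged": False,
        },
        "Mounts": [],
    },
    {   # An ordinary web container with an innocuous bind mount.
        "Name": "/web",
        "HostConfig": {"Binds": ["/srv/www:/usr/share/nginx/html:ro"],
                       "Privileged": False},
        "Mounts": [],
    },
    {   # A debugging container that is privileged and mounts the socket via
        # the newer Mounts list (Binds is null, as the daemon emits it).
        "Name": "/debug",
        "HostConfig": {"Binds": None, "Privileged": True},
        "Mounts": [{"Type": "bind", "Source": "/run/docker.sock",
                    "Destination": "/docker.sock"}],
    },
]


def _host_bind_sources(record: dict) -> List[str]:
    """Collect host-side paths from both HostConfig.Binds and the Mounts list."""
    sources: List[str] = []
    host_cfg = record.get("HostConfig") or {}
    for bind in host_cfg.get("Binds") or []:
        # Legacy form is "host:container[:options]"; the host path comes first.
        sources.append(bind.split(":", 1)[0])
    for mount in record.get("Mounts") or []:
        if mount.get("Type") == "bind":
            sources.append(mount.get("Source", ""))
    return [os.path.normpath(s) for s in sources if s]


def find_socket_exposure(records: List[dict]) -> List[Dict[str, object]]:
    """Return one finding per container that can reach the daemon or is privileged.

    Each finding lists the container name, the socket paths it was given
    (empty if none) and whether it runs with --privileged.
    """
    findings: List[Dict[str, object]] = []
    for rec in records:
        name = (rec.get("Name") or "?").lstrip("/")
        host_cfg = rec.get("HostConfig") or {}
        exposed = sorted({s for s in _host_bind_sources(rec)
                          if s in DOCKER_SOCKET_PATHS})
        privileged = bool(host_cfg.get("Privileged"))
        if exposed or privileged:
            findings.append({"name": name,
                             "docker_socket": exposed,
                             "privileged": privileged})
    return findings


if __name__ == "__main__":
    # Stand-alone run audits the constructed sample.  On a real host, pass the
    # output of `docker inspect $(docker ps -q)` through json.load() instead.
    print(json.dumps(find_socket_exposure(SAMPLE_INSPECT), indent=2))
```

Run as-is it reports `log-collector` (socket exposed, not privileged) and `debug` (socket exposed and privileged) and stays silent on `web`. The check is deliberately structural rather than trusting image names: a container that can talk to the daemon can start another container with the host filesystem mounted, so the finding is worth treating as "this container is root on the host" regardless of what the image claims to do.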

Rocket, a new container runtime from CoreOS

Posted Dec 2, 2014 18:16 UTC (Tue) by drag (guest, #31333) [Link] (3 responses)

Having something that is insecure and works now is always preferable to something that is secure and doesn't exist yet.

Rocket, a new container runtime from CoreOS

Posted Dec 2, 2014 18:21 UTC (Tue) by droundy (guest, #4559) [Link] (1 responses)

I think that depends on the item in question. In some cases, it is better to have nothing rather than something that is broken. E.g., I'd rather have no online banking than online banking that allows someone else to take all my money. I'm not sure that docker is in that category, but an insecure convenience tool doesn't sound good.

Rocket, a new container runtime from CoreOS

Posted Dec 2, 2014 19:58 UTC (Tue) by drag (guest, #31333) [Link]

Well they just don't talk about security.

I never said it's a good policy. Personally I find it counterproductive to treat security as a bolt-on, but that's just how things work in my experience.

Rocket, a new container runtime from CoreOS

Posted Dec 2, 2014 19:34 UTC (Tue) by mathstuf (subscriber, #69389) [Link]

Oddly, people then get into the rut of "if it ain't broke, don't fix it" when higher-ups say "Huh? Security costs how much? It works now right and hasn't had any issues?". If you know you need security, then work towards it. Putting it on the "Nice To Have" list usually puts it into a completely different timeframe, IME.

Rocket, a new container runtime from CoreOS

Posted Dec 2, 2014 19:52 UTC (Tue) by raven667 (subscriber, #5198) [Link] (1 responses)

> On the other hand an apparent docker success implies once again that one does not need to provide any security to be popular.

[rant]

One could also point out that while the security of running random code you download from the internet is always problematic, the vast majority of the people on the internet and the code you download actually do just what they say and aren't trying to harm you, so that for the vast majority of cases downloading Docker images isn't going to be an actual problem, only a potential one. This goes hand in hand with the fact that the vast majority of the people you meet aren't trying to kill you, so it's probably not a rational risk assessment to leave your house in the morning in a tank, unless maybe you live in a warzone.

There are real costs to security measures: they may prevent future loss, but they are always a loss now, time and money spent not making things better but instead potentially making them not worse. We should all be trying to make security technology either cheap (like signature verification) or unnecessary (only running code in the same security zone on a shared host), rather than pouring resources into more and more complicated security technology that we then become reliant on because systems don't have more fundamental robustness.

Rocket, a new container runtime from CoreOS

Posted Dec 3, 2014 11:29 UTC (Wed) by dgm (subscriber, #49227) [Link]

> There are real costs to security measures, they may prevent future loss, but they are always a loss now

Do you run anti-virus software on your computer? Many people do. That's the real cost they have to pay for using a system that made the wrong choices regarding the security/convenience trade-off.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds