How secure is Docker? If you're not running version 1.3.2, NOT VERY

A nasty vulnerability has been discovered in the Docker application containerization software for Linux that could allow an attacker to gain elevated privileges and execute code remotely on affected systems. The bug, which has been corrected in Docker 1.3.2, affects all previous versions of the software. "No remediation is …

  1. Captain DaFt

    No one ever learns

    Yo, programmers! Weinberg's Law:

    "If builders built buildings the way programmers wrote programs, the first woodpecker that came along would destroy civilization."

    He stated this way back in 1971, and nothing in programming, save the names of the languages used, has changed much since.

    1. Anonymous Coward

      Re: No one ever learns

      "If builders built buildings the way programmers wrote programs, ....."

      And you would never be able to find the toilet at night either.

    2. Destroy All Monsters Silver badge

      I am old enough to have seen a Unicos Cray and what is this

      > Weinberg's Law

      Someone spouts a bizarre meme (Since when is this being attributed to Weinberg btw, a person very much unconnected to computers?), this is then uplifted to "law" and is then repeated by windbags regularly. Meanwhile A380s that have been software-designed and are flying heaps of computers ACTUALLY FLY.

      > He stated this way back in 1971, and nothing in programming, save the names of the languages used, has changed much since.

      More sophomoric shit. If that were true, we would still be discussing whether structured programming were a good idea.

      1. Anonymous Coward

        Re: I am old enough to have seen a Unicos Cray and what is this

        COBOL is structured programming. :-P

  2. thames

    "which could have allowed an attacker to craft a malicious image that wrote files to arbitrary directories on disk"

    Of course if the source of the software (the image) you are downloading and installing has already been pwned by an attacker, then you are in pretty serious trouble in any case. Even without this exploit they could do all sorts of bad things just with normal rights, such as writing to your database.

    This problem applies to any sort of software installation, not just Docker. With or without this bug, you would probably be best advised to nuke the server and re-install from trusted sources.

    I've looked at the Docker image repos, and I don't see any mention of image signatures. If they aren't signing images, they should be, like Linux repos do.

    1. Destroy All Monsters Silver badge

      > I've looked at the Docker image repos, and I don't see any mention of image signatures. If they aren't signing images, they should be, like Linux repos do.

      I hope so, otherwise COMEDY GOLD events are sure to happen.

  3. foo_bar_baz

    Nothing new or unique

    "If a management application allows users to upload pre-created disk images in non-raw formats, it can be tricked into giving the user access to arbitrary host files via the copy-on-write backing file feature ... always validate that a disk image originating from an untrusted source has no backing file set" https://libvirt.org/secureusage.html

    Docker just happens to be very promiscuous with image files, so the threat is fairly significant.
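
The check the libvirt guidance quoted above asks for, as an added example that is not part of the original comment or of libvirt: it reads the backing-file fields from an image header and rejects any image that sets one. It assumes the qcow2 format as the "non-raw format"; the function names and the sample images are constructed for illustration.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
# Start of the qcow2 header, big-endian:
# magic(4) version(4) backing_file_offset(8) backing_file_size(4)
HEADER = struct.Struct(">4sIQI")
MAX_NAME = 1023  # qcow2 limit on the backing file name length


def backing_file(image: bytes):
    """Return the backing file name stored in a qcow2 image, or None."""
    if len(image) < HEADER.size:
        raise ValueError("truncated qcow2 header")
    magic, version, offset, size = HEADER.unpack_from(image)
    if magic != QCOW2_MAGIC:
        raise ValueError("not a qcow2 image")
    if version not in (2, 3):
        raise ValueError(f"unsupported qcow2 version {version}")
    if offset == 0:  # offset 0 means no backing file is recorded
        return None
    if size > MAX_NAME or offset + size > len(image):
        raise ValueError("malformed backing file field")
    return image[offset:offset + size].decode("utf-8", "replace")


def accept_untrusted(image: bytes) -> bool:
    """Fail closed: accept only a well-formed image with no backing file."""
    try:
        return backing_file(image) is None
    except ValueError:
        return False


def sample_image(backing: bytes = b"") -> bytes:
    """Constructed test input: a 104-byte header, optional name after it."""
    offset = 104 if backing else 0
    header = HEADER.pack(QCOW2_MAGIC, 3, offset, len(backing))
    return header.ljust(104, b"\0") + backing


if __name__ == "__main__":
    for name in (b"", b"/constructed/host/path.img"):
        img = sample_image(name)
        print(backing_file(img), accept_untrusted(img))
```

The check covers only the backing-file field in the header; anything that is not a well-formed qcow2 image is rejected rather than guessed at.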


Biting the hand that feeds IT © 1998–2019