• Dandroid@dandroid.app
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    3
    ·
    1 year ago

    I never said I was relying on it alone. Not sure why you think that.

    That’s a great link. Thank you for sharing. It’s good that docker supports this functionality now.

      • BlueBockser@programming.dev
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I think you’re interpreting too much. Security is about layers and making it harder for attackers, and that’s exactly what using a non-root user does.

        In that scenario, the attacker needs to find and exploit another vulnerability to gain root access, which takes time - time which the attacker might not be willing to spend and time which you can use to respond.

          • BlueBockser@programming.dev
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            1 year ago

            Funny how you claim to know so much about security but can’t even seem to comprehend my comment. I know root shell exploits exist, that’s why I wrote that it takes additional time to get root access, not that it’s impossible. And that’s still a security improvement because it’s an additional hurdle for the adversary.

            • apigban@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              1
              ·
              1 year ago

              the person you are replying to either lacks comprehension or maybe just wants to be argumentative and doesn’t want to comprehend.

              • BlueBockser@programming.dev
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                Once again, you’re going off on an unrelated tangent. If you don’t want to listen, I can’t help you. We’re done here.