In today's episode of "fun with ":

While modifying an image because ssh login is not working I found out that sshd_config and some other files are chmod 666.

It is worth mentioning that gitlab-ci checkouts are chmod 666 and developers will forget about that!

It is also worth mentioning that I reported the gitlab-runner script doing that as a security risk 2 years ago!

🙈 🙊 🙉


I will probably add a file permission scanner into podman-tools which shuts down, or changes any chmod 666 and 777 permissions within a container before running them. I mean, how hard can it be? 🤔
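A permission check of the kind described above, as an added example that is not part of the original post and is not podman-tools code. It generalizes from modes 666 and 777 to any entry writable by "other"; the function names, the sticky-directory exception and the sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile


def scan_world_writable(root, fix=False):
    """Return sorted [(relative_path, mode)] for entries writable by 'other'.

    Symlinks are skipped and never followed (their mode bits are meaningless
    on Linux). Directories with the sticky bit, like /tmp at 1777, are treated
    as intentional (an assumption of this example). fix=True clears o+w.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            mode = stat.S_IMODE(st.st_mode)
            if stat.S_ISLNK(st.st_mode) or not mode & stat.S_IWOTH:
                continue
            if stat.S_ISDIR(st.st_mode) and mode & stat.S_ISVTX:
                continue
            findings.append((os.path.relpath(path, root), mode))
            if fix:
                os.chmod(path, mode & ~stat.S_IWOTH)
    return sorted(findings)


def build_sample_tree():
    """Constructed sample tree standing in for a checkout or image rootfs."""
    old_umask = os.umask(0o022)          # keep created directories at 755
    root = tempfile.mkdtemp(prefix="permscan-")
    layout = {
        "etc/ssh/sshd_config": 0o666,    # the case from the post
        "etc/hostname": 0o644,
        "build/run.sh": 0o777,
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)             # chmod is not affected by the umask
    os.mkdir(os.path.join(root, "tmp"))
    os.chmod(os.path.join(root, "tmp"), 0o1777)
    os.umask(old_umask)
    return root
```

Calling `scan_world_writable(path)` reports only; passing `fix=True` rewrites modes in place, so run it against a copy or a build stage rather than a tree other processes are using.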
