In today's episode of "fun with #gitlab":
While modifying an image because ssh login is not working I found out that sshd_config and some other files are chmod 666.
It is worth mentioning that gitlab-ci checkouts are chmod 666 and developers will forget about that!
It is also worth mentioning that I reported the gitlab-runner script doing that as a security risk 2 years ago!
🙈 🙊 🙉
I will probably add a file permission scanner into podman-tools which shuts down, or changes any chmod 666 and 777 permissions within a container before running them. I mean, how hard can it be? 🤔
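A sketch of such a permission gate, as an added example that is not part of the original post and not podman-tools code. The function names are hypothetical, and it assumes the container's root filesystem or the CI checkout is available as a plain directory.

```shell
#!/bin/sh
# Added example: find, report and repair world-writable files (modes such
# as 666 and 777) under a directory tree before a container is started.
# All function names here are hypothetical.

# ww_find DIR [find actions...]: match world-writable files and directories.
# Symlinks are skipped (their mode is always 777), and sticky directories
# such as /tmp (1777) are skipped because that mode is intentional.
ww_find() {
    root=$1; shift
    find "$root" -xdev \( -type f -o -type d \) -perm -0002 \
        ! \( -type d -perm -1000 \) "$@"
}

# List offending paths, one per line.
scan_world_writable() { ww_find "$1" -print; }

# Number of offending paths.
count_world_writable() { scan_world_writable "$1" | wc -l | tr -d ' '; }

# "Shut down" mode: succeed only if the tree is clean, else report and fail.
gate_world_writable() {
    found=$(scan_world_writable "$1")
    [ -z "$found" ] && return 0
    printf 'world-writable paths under %s:\n%s\n' "$1" "$found" >&2
    return 1
}

# "Change" mode: drop group and other write bits (666 -> 644, 777 -> 755).
fix_world_writable() { ww_find "$1" -exec chmod go-w {} +; }
```

Calling `gate_world_writable` on the tree and refusing to start on a non-zero exit gives the "shut down" behaviour; `fix_world_writable` gives the "change" behaviour.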