undefined | Better HN

0 pointscyanydeez7d ago0 comments

im not sure people understand the security vectors. a user with docker permissions effectively has root permissions.

often, docker in docker is used to manage docker orchestration. putinng a user in a docker and peoviding docker access is security through obscurity.

on the flip side, i see people blindly installing tools and skills not understanding they are pushing context and capabilities without any significant security features.

Imagine mythos is actually exceptional hacker. if you give it a well crafted malicious prompt, its going to even more insecure.

the double edged sword is really fascinating to think about

0 comments

jeswin6d ago

Docker has not required root for a long time, at least on Linux. There's even a convenience script for it: https://get.docker.com/rootless

Almost everyone I know installs docker rootless.

j / k navigate · click thread line to collapse

0 comments

jeswin6d ago

Docker has not required root for a long time, at least on Linux. There's even a convenience script for it: https://get.docker.com/rootless

Almost everyone I know installs docker rootless.

j / k navigate · click thread line to collapse