Added user config to Dockerfile #297
Conversation
| @@ -13,4 +13,11 @@ RUN true | |||
| COPY --from=builder application/snapshot-dependencies/ ./ | |||
| RUN true | |||
| COPY --from=builder application/application/ ./ | |||
|
|
|||
| RUN uid=$(($(($((`date +%s` / 60)) % 165535)) + 100000)) \ | |||
There was a problem hiding this comment.
this seems unecessarily complex. Why not a fixed uid?
There was a problem hiding this comment.
because using a a random id makes it harder for someone to say run a different docker container connected to the same volume as the one you are running and have access to your files, especially if backed by NFS or something similar. Not the end all be all in security but it does increase the barrier to entry for malicious users.
|
@gerethd Why did you close this? |
Because I continuously found more and more issues with this backend and at a certain point it became easier, and quicker with less hassle just to start over with a custom backend that is more specific to what I need from it, and a proper database to back it. Feel free to reopen and merge but I decided I didn't want to spend the time and effort to push this through for a application I'm no longer using, not to mention having to justify basic container security practices such as this is a major red flag security wise, as any vunlerabilty scanner for containers will tell you the same thing. |
No description provided.