And is this an actual thing that is possible to do? It seems relevant to a philosophical issue I’ve been thinking about for a while: every security layer (in computing, but suspect that it goes back further to the first time somebody built a wall of sticks and rocks) adds additional problems or possible break-in points that are then patched with more security layers on top. I’m however not an IT person (call me semi-IT as I translate IT-related documents) and don’t want to jump to conclusions. But from my tech-adjacent viewpoint that’s what it looks like - are we just heaping bullshit on top of more bullshit and creating something too complex to be manageable anymore?
So as another comment pointed out you don’t need to give your user account access to docker in this way, it’s an optional step, but one that I suspect many people do (since it’s part of the official docs).
What the LLM has done is silly, but completely possible. It climbed through the window that you left open.
But let’s jump to a different scenario, the ping command (on Linux). That’s a perfectly harmless command, right? You just want to say hello to another computer and see if they say hello back.
Except that historically the ping command was something called “setuid” which means when it ran it ran as root. It ran as root because in order for ping to work it has to create a special type of network packet that only root can create. But if you’re root you can run anything! So in theory ping opens a huge attack surface. If you have to worry about ping then is everything too complex to be manageable?
Luckily, as I said, this is a historical problem. The permissions ping needs have been moved to a specific capability and the command changed to utilize it and now ping can just run as a regular user without root privileges. But you can’t just make that change overnight. It takes a lot of time and effort.
So could the same be done for docker? Maybe. A rootless version of docker already exists. If you actually wanted to do what the LLM suggested, that wouldn’t work with a rootless docker, at least not without a bunch more configuration (and even then maybe).
And is this an actual thing that is possible to do? It seems relevant to a philosophical issue I’ve been thinking about for a while: every security layer (in computing, but suspect that it goes back further to the first time somebody built a wall of sticks and rocks) adds additional problems or possible break-in points that are then patched with more security layers on top. I’m however not an IT person (call me semi-IT as I translate IT-related documents) and don’t want to jump to conclusions. But from my tech-adjacent viewpoint that’s what it looks like - are we just heaping bullshit on top of more bullshit and creating something too complex to be manageable anymore?
So as another comment pointed out you don’t need to give your user account access to docker in this way, it’s an optional step, but one that I suspect many people do (since it’s part of the official docs).
What the LLM has done is silly, but completely possible. It climbed through the window that you left open.
But let’s jump to a different scenario, the
pingcommand (on Linux). That’s a perfectly harmless command, right? You just want to say hello to another computer and see if they say hello back.Except that historically the
pingcommand was something called “setuid” which means when it ran it ran as root. It ran as root because in order forpingto work it has to create a special type of network packet that only root can create. But if you’re root you can run anything! So in theorypingopens a huge attack surface. If you have to worry aboutpingthen is everything too complex to be manageable?Luckily, as I said, this is a historical problem. The permissions
pingneeds have been moved to a specific capability and the command changed to utilize it and nowpingcan just run as a regular user without root privileges. But you can’t just make that change overnight. It takes a lot of time and effort.So could the same be done for docker? Maybe. A rootless version of docker already exists. If you actually wanted to do what the LLM suggested, that wouldn’t work with a rootless docker, at least not without a bunch more configuration (and even then maybe).
So is security hard? Yes. Is it impossible? No.