Comments (3)
ikreymer
commented on July 24, 2024
Ah, thanks for this.. I wonder if there is a way around this.. With Swarm, I am not exposing this socket, but the swarm socket, although it seems that the risks would be similar.. I guess the risk is volume mounting specifically..
from netcapsule.
atomotic
commented on July 24, 2024
maybe this https://github.com/jpetazzo/dind or using http endpoint and not the socket (not sure if is still available in docker or is a deprecated feature). i'll investigate a bit further
from netcapsule.
ikreymer
commented on July 24, 2024
Hm, thinking about this more, I don't really think this as much a concern, as the socket is exposed to the application container (netcapsule/app), not the individual browser containers.. So, yes, if an attacker gains access to the application container, that would be an issue.. But, that's no different than if an attacker gains access to the host machine itself.. The individual browser containers, which is what is served over vnc, do not have access to the socket and can not spawn new containers..
from netcapsule.
Related Issues (20)
- Configure the user-agent in the MemGator instance
- New Browsers To Add
- Add unified config for single machine or Swarm
- Rethink browser selection menu to support more browsers
- Install Shockwave/Flash on some browsers HOT 1
- Add more non-Latin fonts HOT 1
- Fix some security issues HOT 7
- Add AppArmor profiles to limit exec capabilities in containers HOT 1
- option to browse the live web HOT 2
- Add WWW, the first browser, running in NeXT!
- Add Lynx Browser
- Show date of publication for browser selection menu HOT 1
- Add detection of firewall blocking non-port 80 connections
- The proxy doesn't seem to be working HOT 2
- Could u pls remove the oldweb of "av9.cc"? HOT 1
- New browsers
- run-local.sh not working HOT 1
- oldweb.today Has 502 Bad Gateway error.
- oldweb.today doesnt work
- downloading files. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from netcapsule.