Docker containers aren't the only problem... EC2 AMIs, random screensavers you found attached to emails from your friends, new binary software you installed for free 'from the internet', random Chrome/Firefox extensions, iPhone/Android apps, blank USB keys that you found lying on the ground near your workstation...
One tricky one is copy/pasting shell commands from web pages. Even if you're sure the command it shows you is benign, it's relatively easy to make it so that what gets pasted is malicious. Paste into a safe place first and look at it there before you run it; don't just look at what's on the web page.
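The "paste into a safe place and look at it" step from the comment above, as an added example that is not part of the original thread: a small Python check that lists the characters a rendered page can hide and prints an escaped view of the pasted text. The function names and the `PASTED` sample are constructed for illustration.

```python
import unicodedata


def inspect_paste(text):
    """Return (offset, description) for every character a rendered page can hide."""
    findings = []
    for offset, ch in enumerate(text):
        category = unicodedata.category(ch)
        if ch in "\r\n":
            findings.append((offset, "line break: text before it is submitted to the shell"))
        elif ch == "\x1b":
            findings.append((offset, "ESC: start of a terminal escape sequence"))
        elif category == "Cc" and ch != "\t":
            findings.append((offset, "control character U+%04X" % ord(ch)))
        elif category == "Cf":
            # Zero-width and bidirectional-override characters land here.
            name = unicodedata.name(ch, "unnamed")
            findings.append((offset, "invisible format character U+%04X %s" % (ord(ch), name)))
    return findings


def visible(text):
    """Escape everything outside printable ASCII so hidden content shows up."""
    return text.encode("unicode_escape").decode("ascii")


# Constructed sample: the page displays SHOWN, the clipboard receives PASTED.
SHOWN = "ls -la"
PASTED = "ls -la\u200b; echo hidden-line\nclear\n"

if __name__ == "__main__":
    print("shown on page :", SHOWN)
    print("actually pasted:", visible(PASTED))
    for offset, description in inspect_paste(PASTED):
        print("  offset %d: %s" % (offset, description))
```

Any finding on text that was supposed to be a single command is a reason not to run it as pasted.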
On second look, this might be more benign than it first appears.
I spent about thirty seconds digging through the package and the net. The mentioned SSL certificates don't seem to exist in that repo or be referenced on Google, but I did find this package that appears to generate said certs for you. https://github.com/joemiller/joemiller.me-intro-to-sensu
So it looks like (again, quick read) you're installing your own self-signed certs, which wouldn't imply any significant security risk assuming the script creates the files securely etc.
To be fair, that's almost the only part of that Dockerfile that isn't all sorts of wrong, though not in a security vulnerability sense. Seeing that many yum installs in their own RUN commands is a sure sign of a Docker newb.
I don't really understand why people don't bother building their own containers. The process is trivial, and very scriptable. Somebody built a container you want to use? Grab the Dockerfile and DIY. You might even learn something in the process...
Given the benign nature of the self-signed certs, we should restart the holy war that Docker shouldn't contain supervisor. An excellent use of everyone's time.
If it does what the parameters suggest, what's the issue here?