Hacker News

Unfortunately, sysadmins have resolutely refused to make the right choices, thus forcing the issue.



Since I bump back and forth between sysadmin and programmer gigs, I don't get why a system admin wouldn't want a programmer to build their software with privilege separation? What am I missing? Having a secure system is a big deal for a system admin (these days the #1 deal), but at some point you have to rely on a programmer getting it right.


Privsep is great; I use it whenever I can. I also have tiny embedded systems that don't support it, as well as containerized systems that don't need it.


Thinking that containers don't need privsep is exactly why this choice has been taken away.


Because my containers use the exact same mechanisms a privsep scheme would use.


Why would a containerized system not need it? Defense in depth would be a good thing.


Because Docker isn't running as root to begin with; it just convinces the containerized process that it is.


You've just demonstrated that you don't understand either the goals or mechanism of privilege separation: 1) it doesn't require root and 2) it protects more than the root account.
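The two points made in the comment above (privsep needs no root, and it protects more than the root account) are easiest to see in code. The following is an added example written for this page, not code from any commenter or from Docker: a privileged parent forks a worker, the worker sheds whatever it can and parses untrusted input, and only a fixed-size struct comes back over a socketpair. The uid/gid switch to "nobody" (uid 65534 assumed if the account is missing) only happens when the process really is root; the fork boundary, the no-new-privs flag and the RLIMIT_NOFILE cap apply to any user. The `parse_buggy` function is a constructed stand-in for a parser with a fatal bug.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

/* Parser signature: return 1 and set *out on success, 0 on bad input. */
typedef int (*parser_fn)(const char *input, long *out);

/* Fixed-size message the worker sends back: no pointers, no variable length. */
struct reply { int ok; long value; };

/* Shed privileges in the worker. Works without root: the uid/gid switch only
 * happens when we actually are root; everything else applies to any user. */
static int drop_privileges(void) {
    if (getuid() == 0) {
        uid_t uid = 65534; gid_t gid = 65534;         /* assumption: "nobody" */
        struct passwd *pw = getpwnam("nobody");
        if (pw) { uid = pw->pw_uid; gid = pw->pw_gid; }
        if (chdir("/") != 0) return -1;
        if (setgroups(0, NULL) != 0) return -1;       /* supplementary groups too */
        if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
        if (setuid(0) == 0) return -1;                /* the drop must be irreversible */
    }
#ifdef __linux__
    /* No setuid/fscaps binary can hand privileges back, even via execve. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
#endif
    struct rlimit zero = { 0, 0 };
    if (setrlimit(RLIMIT_NOFILE, &zero) != 0) return -1; /* cannot open anything new */
    return 0;
}

/* Worker process: drop privileges, run the untrusted parse, send one reply. */
static void worker(int sock, parser_fn parse, const char *input) {
    struct reply r = { 0, 0 };
    if (drop_privileges() == 0 && parse(input, &r.value)) r.ok = 1;
    if (write(sock, &r, sizeof r) != (ssize_t)sizeof r) _exit(1);
    _exit(0);
}

/* Privileged side: never touches the input itself. Returns 1 and sets *out on
 * success, 0 if the input was rejected or the worker died (crash, kill, failed
 * drop). A parser bug therefore costs one worker, not the privileged process. */
int privsep_parse(parser_fn parse, const char *input, long *out) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 0;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return 0; }
    if (pid == 0) { close(sv[0]); worker(sv[1], parse, input); }
    close(sv[1]);
    struct reply r;
    ssize_t n = read(sv[0], &r, sizeof r);
    close(sv[0]);
    int status;
    while (waitpid(pid, &status, 0) < 0 && errno == EINTR) {}
    if (n != (ssize_t)sizeof r || !r.ok) return 0;
    *out = r.value;
    return 1;
}

/* Strict decimal parser: the whole string must be one base-10 number. */
int parse_decimal(const char *input, long *out) {
    char *end = NULL;
    errno = 0;
    long v = strtol(input, &end, 10);
    if (errno != 0 || end == input || *end != '\0') return 0;
    *out = v;
    return 1;
}

/* Constructed stand-in for a parser with a fatal bug (e.g. memory corruption). */
int parse_buggy(const char *input, long *out) {
    (void)input; (void)out;
    abort();
}

int main(void) {
    long v = 0;
    printf("42  -> %s %ld\n", privsep_parse(parse_decimal, "42", &v) ? "ok" : "rejected", v);
    printf("4x2 -> %s\n", privsep_parse(parse_decimal, "4x2", &v) ? "ok" : "rejected");
    printf("bug -> %s (parent still running)\n",
           privsep_parse(parse_buggy, "x", &v) ? "ok" : "rejected");
    return 0;
}
```

Run it as an ordinary user and the worker still gets its own address space, no-new-privs and no ability to open files; run it as root and it additionally lands in "nobody" before it sees a byte of input. Either way, the buggy parser aborts only the worker and the parent reports a rejected input rather than dying, which is the property the comment above is pointing at.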


Aren't those the "unprivileged containers" that keep showing up as having huge security vulnerabilities?



