Hacker News new | past | comments | ask | show | jobs | submit login

Is this better than using emacs over SSH?



If you have access to ssh client and can connect to your server, then not really.

Could however be better from security perspective if you don't want to expose a shell and the whole filesystem to potentially untrusted computers.


From a security perspective, access to emacs should be considered just as dangerous as a shell. As a trivial example, M-x shell will bring up a shell within emacs.


Based on [1] it looks like you could gain root within the docker container. From there, you need a bit of luck to get root on the host [2].

[1] https://github.com/karlicoss/cloudmacs/blob/master/asEnvUser [2] https://security.stackexchange.com/a/153016


Within the Docker container, everything runs as root by default, since container can't know your UID in advance. Main reason for this script is to make sure mounted files are not written back as root.

Although a section explaining how to build container that runs as non-root user in the first place (even though it requires modifying Dockerfile, I think) would be useful, so I'll add it, thanks!

Yep, potential kernel/Docker bugs would let you escape the sandbox, but I guess that's the risk I'm accepting.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: