Programmer Humor

31632 readers

1225 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 3 years ago

MODERATORS

Feyter@programming.dev

anzo@programming.dev

BurningTurtle@programming.dev

pylapp@programming.dev

308

Life finds a way (lemmy.ml)

submitted 1 day ago by cm0002@libretechni.ca to c/programmer_humor@programming.dev

26 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] uuj8za@piefed.social 85 points 1 day ago* (last edited 1 day ago) (4 children)

I mean, there's a big ol' warning in the docs: https://docs.docker.com/engine/install/linux-postinstall/

The docker group grants root-level privileges to the user

But, I guess Docker doesn't really tell you not to do this... and I feel like a lot of mac users are not used to adding sudo at the front of docker commands so... idk.

[–] SirHaxalot@nord.pub 39 points 23 hours ago (1 children)

… and the Nextcloud developers think it’s completely reasonable to build a plugin system where you give this access to a web facing PHP application.

[–] prettybunnys@piefed.social 7 points 17 hours ago

What could possibly go wrong?

[–] SpaceNoodle@lemmy.world 45 points 1 day ago (1 children)

Sounds like Docker is just inherently unsecure.

[–] hperrin@lemmy.ca 18 points 1 day ago (1 children)

In the same way that sudo is.

[–] cornshark@lemmy.world 45 points 1 day ago (4 children)

Sudo makes you enter your password and docker doesn't?

[–] tabular@lemmy.world 9 points 17 hours ago

Sudo can/usually does ask for password - but if you're feeling lucky you can use sudo without a password.

(Currently doing that after repeatedly failing to install an OS and have not yet felt compelled to change it back).

[–] locuester@lemmy.zip 34 points 23 hours ago (1 children)

Docker does by default - it only works if you use sudo. But the docs tell you to add yourself to the docker group (which requires sudo to do). Then running docker doesn’t require sudo anymore.

[–] squaresinger@lemmy.world 41 points 23 hours ago

Yeah, that's a terrible decision in the docs. Don't ever add a path where anything on the shell can execute user-modifyable code as root.

As soon as you do that, you lose any protection that comes from separating root users and non-root users. Because now any malicious program can just use docker to elevate its code to root.

[–] Zikeji@programming.dev 22 points 1 day ago

Or don't give your user docker and use sudo to use the docker CLI to get the same effect. Hell, you could even alias docker as sudo docker to get the same feel.

[–] hperrin@lemmy.ca 4 points 1 day ago

Only if you tell it to.

[–] ChromaticMan@lemmy.world 18 points 22 hours ago (1 children)

Sadly, nobody reads docs anymore. Now that I’m thinking, people never read the docs.

[–] glibg10b@lemmy.zip 3 points 16 hours ago

I have never even looked at the Docker docs