1053
Works on my machine (lemm.ee)
submitted 1 day ago by muntedcrocodile@lemm.ee to c/programmer_humor@programming.dev
84 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] MajorHavoc@programming.dev 10 points 5 hours ago* (last edited 5 hours ago)

Oof. I'm anxious that folks are going to get the wrong idea here.

While OCI does provide security benefits, it is not a part of a healthly security architecture.

If you see containers advertised on a security architecture diagram, be alarmed.

If a malicious user gets terminal access inside a container, it is nice that there's a decent chance that they won't get further.

But OCI was not designed to prevent malicious actors from escaping containers.

It is not safe to assume that a malicious actor inside a container will be unable to break out.

Don't get me wrong, your point stands: Security loves it when we use containers.

I just wish folks would stop treating containers as "load bearing" in their security plans.

this post was submitted on 09 Jan 2025
1053 points (98.3% liked)

Programmer Humor

19932 readers
1607 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS
Feyter@programming.dev
anzo@programming.dev
BurningTurtle@programming.dev
pylapp@programming.dev