How do you decide what's safe to run?

I recently ran Gossa on my home server using Docker, mounting it to a folder. Since I used rootless Docker, I was curious - if Gossa were to be a virus, would I have been infected? Have any of you had experience with Gossa?

  • Lemongrab@lemmy.one
    4 months ago

    Idk how to decide what is safe or not, but as a warning, Docker containers can escape trivially and have access to the kernel.

    • verstra@programming.dev
      4 months ago

      Can you expand on this wild claim? The whole point of containers is isolation so what you are saying is that containers fail at that all the time?

    • just_another_person@lemmy.world
      4 months ago

      This is not true. Perhaps on an already at-risk or exploitable machine, but even then it’s not trivial, and this is not a widespread thing that happens everywhere all the time.

      • kevincox@lemmy.ml
        4 months ago

        It is. Privilege escalation vulnerabilities are common. There is basically a 100% chance of unpatched container escapes in the Linux kernel. Some of these are very likely privately known and available for sale. So even if you are fully patched, a resourceful attacker will escape the container.

        That being said, if you are a low-value regular-joe patching regularly, the risk is relatively low.