ralph / fedora-kickstarts

Forked from fedora-kickstarts 6 years ago
7a6f836 docker: Don't use a hardcoded root password

Authored and Committed by Colin Walters 8 years ago
    docker: Don't use a hardcoded root password
    
    Best practice is to use unprivileged service daemons inside Docker
    containers.  But with this hardcoded root password, in the case of
    remote code execution, an attacker could trivially escalate their
    privileges to root/uid 0.  And while that's uid 0 inside a container,
    that's a much larger attack surface.
    
    Instead, do the same thing we're doing for the Cloud images: lock the
    root password, create a user to make Anaconda happy, then delete the
    user in %post.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1175997
    
        
file modified
+5 -1
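
The pattern the commit message describes (lock root, create a placeholder user, delete it in %post) can be checked mechanically before an image is built. The following is an added example, not code from this commit or from the fedora-kickstarts project: `audit_kickstart` is a hypothetical helper, both sample kickstarts are constructed, and the user name `none` is an assumption.

```python
import shlex

# Constructed sample kickstarts for illustration (not the commit's diff).
BEFORE = """rootpw --plaintext CONSTRUCTED-PASSWORD
%packages
bash
%end
"""
AFTER = """rootpw --lock --iscrypted locked
user --name=none
%packages
bash
%end
%post
userdel -r none
%end
"""

def audit_kickstart(text):
    """Return findings about root-password and placeholder-user handling."""
    findings, users, deleted = [], set(), set()
    section, root_seen = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "%include", "%ksappend")):
            continue
        if line.startswith("%"):  # %packages, %post, %end, ...
            section = None if line == "%end" else line.split()[0]
            continue
        if section is None:  # command section of the kickstart
            words = shlex.split(line)
            if words[0] == "rootpw":
                root_seen = True
                if "--lock" not in words:
                    findings.append("rootpw sets a usable root password")
            elif words[0] == "user":
                users.update(w[7:] for w in words if w.startswith("--name="))
        elif section == "%post" and line.split()[0] == "userdel":
            deleted.add(line.split()[-1])
    if not root_seen:
        findings.append("no rootpw line found")
    for name in sorted(users - deleted):
        findings.append(f"user '{name}' is created but not deleted in %post")
    return findings

if __name__ == "__main__":
    for label, ks in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_kickstart(ks) or "ok")
```

The check does not follow `%include` files, so each included kickstart has to be audited on its own.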