Open patrakov opened 3 years ago
Failing to do that, at least make it easy for people to report malicious images.
We are clearing up our old issues and your ticket has been open for 6 months with no activity. Remove stale label or comment or this will be closed in 15 days.
Not that easy you don't
Thank you for the report. We are always evaluating our scanning abilities and automated systems. In fact, I know that concerns like this have had recent discussions internally. Unfortunately, I cannot reveal the results of any of these conversations. I do want to reiterate our commitment to a Secure Software Supply chain when using Docker Hub.
I will make sure the team hears this feedback. It is a somewhat unique use-case in that container scanning tools likely wouldn't catch this since many of those scans are for CVEs and not maliciously intended software installations.
I should also note that this sort of feedback might get more traction in https://github.com/docker/roadmap since it is a feature/improvement request. I don't see a current roadmap issue that fits your request. We frequently review that repository for community feedback based on reactions.
On HackerNews and Reddit, someone was complaining that a publicly available "Minecraft" image (minecraft101/minecraft-server) was actually a Monero miner. The reports are at https://www.reddit.com/r/docker/comments/pvsjsq/am_i_mining_to_somebody/, https://news.ycombinator.com/item?id=28661236, and https://github.com/docker/hub-feedback/issues/1121 (not acted upon).
In this particular case, and probably many others (that's why a separate ticket), the problem would have been avoided if Docker Hub scanned all submissions and downloads with an anti-virus scanner. E.g., in that case, ClamAV would have found a `Multios.Coinminer.Miner-6781728-2`, and that would have been sufficient to have this malicious image taken down without human interaction. And this (checking all user content with an anti-virus, e.g. ClamAV, and possibly some other security scanner) is what I am asking here.