Add Readme.md security warning

jupyter / tmpnb

Creates temporary Jupyter Notebook servers using Docker containers. [DEPRECATED - See BinderHub project]

https://github.com/jupyterhub/binderhub

BSD 3-Clause "New" or "Revised" License

528 stars 123 forks source link

Add Readme.md security warning #266

Closed misolietavec closed 7 years ago

misolietavec commented 7 years ago

I discovered the minergate-cli (cryptocurrency miner) running in one of tmpnb containers, fully eating all the 16 cores on server. There should be a strong warning in "Quick start" session of Readme.md that it is possible to install and run arbitrary softvare as root in the container with that simple configuration. It is very dangerous, especially if running containers several days...

misolietavec commented 7 years ago

Hmm, the warning itself is not helpful. Notebooks in containers will start as root (can I start the docker run ... as ordinary user?). This can be cured by adding the option --container-user=jovyan to orchestrate.py in the sample command in section "Quick start". May I suggest to add this to Readme.md? I think, this can help many users.

rgbkrk commented 7 years ago

Sure, feel free to make a PR.

misolietavec commented 7 years ago

PR made, merged. I can close the issue.

willingc commented 7 years ago

Thanks @misolietavec!