davinkevin
commented
5 years ago The configuration before these changes is unsafe already. Database server process shouldn't have root privileges even inside a container.
This is not part of this issue 😉, I will do another one to fix this if possible.
But with these changes anyone who can connect to ports 81 or 1521 will effectively get root privileges in this container too.
yeah, but the one who runs the container should take care of this. In a Kubernetes cluster, which is my use case. The communication is handled through Network Policy or Istio RBAC Config, so the security to "access" is set at the infrastructure level.
Maybe some parameters shouldn't be set by default in this image, but like previously said, we should take care of this in another issue. For now, this one allows working in v1.4.199 like with previous versions.
tristantarrant
The configuration before these changes is unsafe already. Database server process shouldn't have root privileges even inside a container.
But with these changes anyone who can connect to ports 81 or 1521 will effectively get root privileges in this container too.