If `docker-compose run` is safe, `docker run` is safe... right?
(I could be convinced otherwise. `docker-compose run evil stuff` requires that you first have a service named `evil` in your docker-compose.yml file, whereas `docker run evil stuff` will attempt to download the `evil` image from Docker Hub. That said, if you're looking at 3rd-party code with an evil .dir-locals.el file, presumably there's nothing stopping that 3rd-party code from also having an evil docker-compose.yml file, so this doesn't seem to open up any interesting new attacks.)