Closed ivenn-scylladb closed 3 months ago
@ivenn-scylladb We create our images based on minimal OS with as minimal packages as possible. Once you spin a new instance based on those images, you have sudo privileges and you can install any editor you need.
@yaronkaikov - it does make sense to install at least pico/nano to be able to locally edit files, though? I consider it a basic debugging tool.
My personal preference is nano, but vi is also considered the bare minimum on any Linux machine.
I would also align it in the Docker images, whatever is decided.
vi is too big, with its deps, to the best of my knowledge. It can also be scripted, which is not a good thing from a security perspective. I'm unsure why you would add an editor within a Docker image, but I don't have a very strong opinion here.
@mykaul:
- Fedora has a vim-minimal package, it is not big and doesn't have many dependencies.
We are using Ubuntu Minimal. I assume it's there.
- I'm not sure how "can be scripted" is a security problem in an environment already giving you a full shell (and Python).
Any attack surface we can reduce is good.
- I agree with others that in a system that lets you ssh in and has editable configuration files, people expect to have a minimal editor.
- Either "nano" or "vi" seems reasonable. I personally prefer vi, but that's just a personal preference. It's also what I would have typed instinctively to edit something. The last person I knew to prefer "ed" was 35 years ago - I think we can rule that choice out. "pico" is considered an older "nano" (although both projects appear to have a life of their own now).
Whatever is small and is in Ubuntu is fine by me.
Any attack surface we can reduce is good.
If the only way to run vi is from the shell, and vi doesn't provide you with more power than the shell already has (and isn't setuid root or anything), I don't consider it a separate attack surface.
@mykaul Which text editor do we want? Or is it not needed?
It is needed. vim-minimal if available sounds reasonable to me.
When I spin up a new instance in Scylla Cloud, there do not appear to be any editors installed to work on files locally: