this post was submitted on 09 Jan 2025
990 points (98.1% liked)

Programmer Humor

20155 readers
1977 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS
Feyter@programming.dev
anzo@programming.dev
BurningTurtle@programming.dev
pylapp@programming.dev
990
Works on my machine (lemm.ee)
submitted 2 weeks ago by muntedcrocodile@lemm.ee to c/programmer_humor@programming.dev
88 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[โ€“] MajorHavoc@programming.dev 11 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Oof. I'm anxious that folks are going to get the wrong idea here.

While OCI does provide security benefits, it is not a part of a healthly security architecture.

If you see containers advertised on a security architecture diagram, be alarmed.

If a malicious user gets terminal access inside a container, it is nice that there's a decent chance that they won't get further.

But OCI was not designed to prevent malicious actors from escaping containers.

It is not safe to assume that a malicious actor inside a container will be unable to break out.

Don't get me wrong, your point stands: Security loves it when we use containers.

I just wish folks would stop treating containers as "load bearing" in their security plans.