this post was submitted on 01 Jun 2026
166 points (98.3% liked)

Programmer Humor

[–] schmorpel@slrpnk.net 16 points 2 days ago (3 children)

Can somebody eli5 this to a luddite please?

[–] RichardNixos@lemmy.ml 36 points 2 days ago (2 children)

Imagine there is a safe in your house. You ask your butler to update your documents that are inside the safe, but you forgot that the butler doesn't have the key. Instead of asking you for the key, the butler builds a dollhouse, puts a tiny safe inside the dollhouse, and then does some magic to bind the fates of the dollhouse safe and the real safe together. The butler then opens the dollhouse safe using the dollhouse key, and updates the tiny dollhouse documents, which causes the real documents in the real safe to update as well. This causes you great consternation.

[–] bountygiver@lemmy.ml 1 points 13 hours ago* (last edited 13 hours ago)

You didn't forget the butler doesn't have the key. When you hired the butler you already gave permission to let the butler cast that magic linking from the dollhouse to the safe (so that you don't have to keep giving the butler the key when he needs to create new dollhouses that can move stuff around the safe).

The issue here is that this butler doesn't have another separate security protocol to make sure you are the one who can limit what he does with the dollhouse. Any guests that are already invited to your house can ask the butler to do things, so they get to touch the contents of the safe even without the key to the safe.

[–] schmorpel@slrpnk.net 6 points 2 days ago (1 children)

Great explanation. The vintage imagery deserves the Luddite Seal of Approval. If you are not a teacher you might consider becoming one.

[–] RichardNixos@lemmy.ml 5 points 1 day ago

I accept your Seal gratefully 🙇‍♂️

[–] MimicJar@lemmy.world 26 points 2 days ago (3 children)

Sure. So we don't know the original question but we can see that changes were made to SDDM, which is basically your login screen. So the original request was probably something like "Can you change my login screen to do something cool?"

Now, the configuration for the login screen is located in /etc and requires administrative privileges to change.

The query was run by the user account and not an admin account. Typically to run something as admin you use the command sudo which will interactively ask for a password and then, if allowed, you can run the command as an admin.

However the tool docker, in order to function properly, has the ability to run commands as administrator and won't prompt for a password.

So basically what happened here is instead of asking for a key to unlock the front door to your house, it installed a new door on the second floor, went through that door, rearranged your refrigerator, went back out the door it created, and then patched up the hole perfectly.

[–] melmi@lemmy.blahaj.zone 13 points 2 days ago (3 children)

The docker command doesn't have to allow you to run commands as administrator to function properly. You can simply leave the docker group empty and run docker commands via sudo. Using the docker group is essentially equivalent to enabling passwordless sudo as far as security is concerned.
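
An audit for the equivalence described in the comment above, as an added example that is not part of the original thread: it lists accounts that can act as root without a password prompt, whether through `docker` group membership or a `NOPASSWD` sudoers rule. The function names and the sample `group` and `sudoers` contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads group(5)- and sudoers(5)-format
# files passed as arguments, so it can be run against copies.

docker_group_members() {
    # group(5) line: name:password:GID:member1,member2
    awk -F: '$1 == "docker" && $4 != "" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) print m[i]
    }' "$1"
}

nopasswd_principals() {
    # First field (user or %group) of every non-comment rule tagged NOPASSWD:
    awk '!/^[[:space:]]*#/ && /NOPASSWD:/ { print $1 }' "$1"
}

audit_passwordless_root() {
    # $1 = group file, $2 = sudoers file; one "principal reason" pair per line
    docker_group_members "$1" | sed 's/$/ docker-group/'
    nopasswd_principals "$2" | sed 's/$/ sudoers-NOPASSWD/'
}

# Constructed sample input, not taken from any real system.
sample_dir=$(mktemp -d)
cat > "$sample_dir/group" <<'EOF'
root:x:0:
sudo:x:27:alice
docker:x:998:alice,agent
EOF
cat > "$sample_dir/sudoers" <<'EOF'
Defaults env_reset
%sudo   ALL=(ALL:ALL) ALL
bob     ALL=(ALL) NOPASSWD: ALL
# carol ALL=(ALL) NOPASSWD: ALL
EOF

audit_passwordless_root "$sample_dir/group" "$sample_dir/sudoers"
```

On a live host, pass `/etc/group` and a root-readable copy of the sudoers files. Only local files are read, so group members supplied by a directory service need `getent group docker` instead.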

[–] WhiteOakBayou@lemmy.world 4 points 1 day ago* (last edited 1 day ago)

I'm glad you explained this. I've been using docker for years and have always used sudo docker

[–] MimicJar@lemmy.world 2 points 2 days ago

That's fair. So it's more like you already have a door on the second floor, that door is unlocked, and a ladder in your garage.

In this case the LLM knows about the ladder, but you forgot about it because you're talking about the fridge on the first floor.

[–] MangoCats@feddit.it 1 points 2 days ago (1 children)

enabling passwordless sudo

This is the way. Physical security FTW.

[–] melmi@lemmy.blahaj.zone 1 points 1 day ago (1 children)

This works if you trust every program you run with silent root privileges. Sure, don't run untrusted code in general, but I think it's generally good practice to lock down root privileges as much as possible. Layered security and all that.

[–] MangoCats@feddit.it 1 points 1 day ago

Not silent, the passwordless sudo calls are logged and available for review. I do trust that after several months in a sandbox without calling sudo, it's unlikely that a sleeper agent will awaken and call sudo out of the blue - more likely that my apps that have been calling sudo will do something nefarious on the 1000th access...

Somebody (possibly an AI agent...) could/should automate the process of transcribing the sudo logs to the NOPASSWD setup, just leave sudo unlocked for those things that show up as needing it during validation test runs and turn the sudo lock back on for everything else.
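
A sketch of the log-to-allowlist step proposed in the comment above, added here as an example and not written by anyone in the thread: it reads sudo's log lines and emits one per-command `NOPASSWD` rule for each invocation that sudo actually allowed. The function names, host name, users and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): sudo log lines in, sudoers rules out.

sudo_log_to_rules() {
    awk '
    / sudo(\[[0-9]+\])?: / && /COMMAND=/ {
        line = $0
        sub(/^.* sudo(\[[0-9]+\])?: */, "", line)   # strip timestamp, host, tag
        # Allowed runs read "user : TTY=..." or "user : PWD=...". Denials put a
        # reason first ("user NOT in sudoers ; TTY=..."), so they are skipped.
        if (line !~ /^[^ ]+ : (TTY|PWD)=/) next
        user = line; sub(/ .*/, "", user)
        runas = "root"
        if (match(line, /USER=[^ ;]+/)) runas = substr(line, RSTART + 5, RLENGTH - 5)
        cmd = line; sub(/^.*COMMAND=/, "", cmd)
        if (substr(cmd, 1, 1) != "/") next          # fully qualified paths only
        esc = ""                                    # escape sudoers specials/wildcards
        for (i = 1; i <= length(cmd); i++) {
            c = substr(cmd, i, 1)
            if (index("\\,:=*?[]", c)) esc = esc "\\"
            esc = esc c
        }
        rule = user " ALL=(" runas ") NOPASSWD: " esc
        if (!(rule in seen)) { seen[rule] = 1; print rule }
    }'
}

# Constructed sample log lines in sudo's syslog format.
sample_sudo_log() {
    cat <<'EOF'
Jun  1 09:14:02 box sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart sddm
Jun  1 09:20:41 box sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart sddm
Jun  1 09:31:10 box sudo:  mallory : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/mallory ; USER=root ; COMMAND=/usr/bin/tee /etc/sddm.conf
Jun  1 09:40:55 box sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get install -o Dpkg::Use-Pty=0 sddm
EOF
}

sample_sudo_log | sudo_log_to_rules
```

Check the generated fragment with `visudo -cf <file>` and review each rule by hand before installing it under `/etc/sudoers.d/`.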

[–] ransomwarelettuce@lemmy.world 7 points 2 days ago

That's why I love podman: systemd integration, and it runs everything in userland by default, with no need for sudoers configuration.

Unfortunately I still need docker on my machine for remote contexts.

[–] schmorpel@slrpnk.net 4 points 2 days ago (1 children)

And is this an actual thing that is possible to do? It seems relevant to a philosophical issue I've been thinking about for a while: every security layer (in computing, but I suspect that it goes back further to the first time somebody built a wall of sticks and rocks) adds additional problems or possible break-in points that are then patched with more security layers on top. I'm however not an IT person (call me semi-IT as I translate IT-related documents) and don't want to jump to conclusions. But from my tech-adjacent viewpoint that's what it looks like - are we just heaping bullshit on top of more bullshit and creating something too complex to be manageable anymore?

[–] MimicJar@lemmy.world 1 points 2 days ago

So as another comment pointed out you don't need to give your user account access to docker in this way, it's an optional step, but one that I suspect many people do (since it's part of the official docs).

What the LLM has done is silly, but completely possible. It climbed through the window that you left open.

But let's jump to a different scenario, the ping command (on Linux). That's a perfectly harmless command, right? You just want to say hello to another computer and see if they say hello back.

Except that historically the ping command was something called "setuid" which means when it ran it ran as root. It ran as root because in order for ping to work it has to create a special type of network packet that only root can create. But if you're root you can run anything! So in theory ping opens a huge attack surface. If you have to worry about ping then is everything too complex to be manageable?

Luckily, as I said, this is a historical problem. The permissions ping needs have been moved to a specific capability and the command changed to utilize it and now ping can just run as a regular user without root privileges. But you can't just make that change overnight. It takes a lot of time and effort.

So could the same be done for docker? Maybe. A rootless version of docker already exists. If you actually wanted to do what the LLM suggested, that wouldn't work with a rootless docker, at least not without a bunch more configuration (and even then maybe).

So is security hard? Yes. Is it impossible? No.

[–] FukOui@lemmy.zip 4 points 2 days ago

Docker by default needs root to spawn containers. You can configure it to be rootless but most deployments I see are just root.

Heck you can even get a root shell and perform privilege escalation if you know what you're doing: https://gtfobins.org/gtfobins/docker/