Snapcraft, Snappy

John Moser john.r.moser at gmail.com
Sun Jul 10 15:38:55 UTC 2016


On Sun, 2016-07-10 at 17:11 +0200, Ralf Mardorf wrote:
> Hi,
> 
> there's an interesting counter-argument against something similar to
> snapcraft/snappy.
> 
> https://lists.archlinux.org/pipermail/arch-general/2016-July/041579.html
> 

That's the security team going off into lala land with a bunch of
overblown wargarble.

Basically, containers completely, 100% perfectly isolate software on
the system from other software execution environments.  That means the
file system, devices, network stacks (tcpdump!), and so forth are all
as reachable as if you're on another machine.

The Security team points out that a kernel-level exploit will allow you
to route around this.

They take that observation to mean that containers supply zero
security, and that a compromise in a container is a system level
compromise.

To follow that logic completely:  there's no such thing as security
anyway, because Linux has to accept a TCP packet into its network stack
to even look at it in iptables, thus any network-reachable machine is
already compromised.

The argument from the security team essentially fails to create risk
models and assess probability and severity of the compromises they
describe.  Instead of recognizing, categorizing, and accounting for
those risks, they just run around flailing their arms and scream that
the sky is falling into the face of every passer-by to whom they can
get close enough.

Whoever wrote that message isn't qualified to handle computer security
concerns.

> I guess snapcraft/snappy and anything similar could be useful, but
> indeed, IMO those are good reasons to not become too much used to
> this
> approach.
> 
> Regards,
> Ralf
> 
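The message above argues about what a container boundary is worth; the practical step is to look at the boundary a process actually has rather than assume one. The following script is an added example, not code from the post, from snapd or from the Arch thread. It reads the procfs facts behind the isolation claims (namespaces, effective capabilities, seccomp mode, no_new_privs) and flags the capabilities that typically let a process reach past a namespace, which is the "kernel-level" route the two sides disagree about. The /proc paths and capability bit numbers are from the Linux kernel; the sample status text and namespace maps used in the test are constructed.

```python
"""Report the confinement boundaries a process actually has (Linux procfs).

Added example, not from the mailing-list post or from snapd.  Only the
parsing helpers are exercised on constructed input; the real /proc paths
are read only when this file is run as a script on Linux.
"""
import os

# Linux capability bit numbers, in order (include/uapi/linux/capability.h).
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]

# Capabilities whose holder can usually reach past a namespace boundary
# (mount, load modules, raw I/O, ptrace, reconfigure networking).  The
# grouping is this example's own choice, not a kernel-defined set.
BOUNDARY_CAPS = {"CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_RAWIO",
                 "CAP_SYS_PTRACE", "CAP_NET_ADMIN", "CAP_DAC_READ_SEARCH"}
NS_TYPES = ("mnt", "pid", "net", "ipc", "uts", "user", "cgroup")


def decode_caps(hex_mask):
    """Turn a CapEff hex mask from /proc/<pid>/status into capability names."""
    mask = int(hex_mask, 16)
    return [name for bit, name in enumerate(CAP_NAMES) if (mask >> bit) & 1]


def parse_status(text):
    """Extract the confinement-relevant fields from /proc/<pid>/status text."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key in ("CapEff", "Seccomp", "NoNewPrivs"):
            fields[key] = value.strip()
    caps = decode_caps(fields.get("CapEff", "0"))
    return {
        "caps": caps,
        "boundary_caps": sorted(set(caps) & BOUNDARY_CAPS),
        # Seccomp mode 2 means a BPF syscall filter is installed; 0 means none.
        "seccomp_filter": fields.get("Seccomp") == "2",
        "no_new_privs": fields.get("NoNewPrivs") == "1",
    }


def shared_namespaces(self_ns, init_ns):
    """Namespace types in which we sit in the same namespace as PID 1.

    A type missing from either map is treated as unknown, not as shared.
    """
    return sorted(t for t in NS_TYPES
                  if self_ns.get(t) and self_ns[t] == init_ns.get(t))


def read_namespaces(pid):
    """Read /proc/<pid>/ns/* link targets, e.g. 'net:[4026531992]'.

    Reading another process's links needs ownership or CAP_SYS_PTRACE;
    unreadable entries are simply omitted.
    """
    result = {}
    for t in NS_TYPES:
        try:
            result[t] = os.readlink(f"/proc/{pid}/ns/{t}")
        except OSError:
            pass
    return result


if __name__ == "__main__":
    with open("/proc/self/status") as f:
        report = parse_status(f.read())
    init_ns = read_namespaces(1)
    print("effective caps:", report["caps"])
    print("boundary-crossing caps:", report["boundary_caps"])
    print("seccomp filter:", report["seccomp_filter"],
          "no_new_privs:", report["no_new_privs"])
    if init_ns:
        print("namespaces shared with PID 1:",
              shared_namespaces(read_namespaces("self"), init_ns) or "none")
    else:
        print("namespaces shared with PID 1: unknown (cannot read /proc/1/ns)")
```

Run it inside the sandbox or container under discussion. A process that shares the host's `net` namespace and still holds CAP_NET_RAW is exactly the tcpdump case in the post; a process with an empty boundary-capability list, a seccomp filter and no_new_privs set has a boundary that a kernel bug would have to break rather than merely walk around. The PID 1 comparison is only conclusive when /proc/1/ns is readable, so run it as the same user that owns PID 1 in the environment, or compare against a namespace link captured from the host instead.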




More information about the Ubuntu-devel-discuss mailing list