You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
I wonder if these could be used to expose things we dont want exposed, such as CI variables
You already have access to it via the terminal
I believe the env variables set for creating the docker (like docker hub keys) wouldn't be accessible from inside the docker if we don't deliberately pass them with ENV or as args.
I believe the [potentially important stuff] wouldn't be accessible from inside the docker ...
I may be misunderstanding this, but given we can run red-pill from the terminal in the docker to access the base operating system, everything outside the docker is technically already accessible from inside the docker is it not? At least I imagine that's the case from a privacy/security standpoint, except for things that require elevating privileges.
Yes, but my point was that we have a tool inside the docker that allows you to access the outside, so from a security standpoint anything we can access via the web terminal that doesn't require putting in a password is also accessible to an arbitrary program running in the docker.
Yes, but my point was that we have a tool inside the docker that allows you to access the outside, so from a security standpoint anything we can access via the web terminal that doesn't require putting in a password is also accessible to an arbitrary program running in the docker.
I agree, and that security hole has existed since we added the commander (/command/host). I think the commander should have a restrictive CORS and only allows access from the same address, but this discussion has no relation with environment variables or this PR.
I was actually thinking of CI, where our dockerhub credentials were avaialable, but github does require us to allow CI to run for new contributors, and also I think now that is only provided to the deployment action
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
patrickelectric
force-pushed
the
add_env
branch
from
Helps #1466