Y
Hacker News
new
|
ask
|
show
|
jobs
by
dv_dt
755 days ago
I know I prefer my exploits to come from opaque corners of package formats or docker layers as bofh intended. The more indirect handoffs of trust the merrier.
1 comments
Timber-6539
755 days ago
Docker is at least sandboxed by default and requires sudo password to run commands.
link
dv_dt
755 days ago
There are advantages to docker, but also disadvantages. Definitely the same w/ "curl | sh" That's all I was trying to allude to, tongue in cheek.
link
freeone3000
755 days ago
But it requires sudo or effective-sudo to run
any
command, making such a measure worthless
link