How do i you decide whats safe to run

I recently ran Gossa on my home server using Docker, mounting it to a folder. Since I used rootless Docker, I was curious - if Gossa were to be a virus, would I have been infected? Have any of you had experience with Gossa?

  • kevincox
    link
    fedilink
    English
    arrow-up
    4
    ·
    5 months ago

    I think assuming that you are safe because you aren’t aware of any vulnerabilities is bad security practice.

    Minimizing your attack surface is critical. Defense in depth is just one way to minimize your attack surface (but a very effective one). Putting your container inside a VM is excellent defense in depth. Putting your container inside a non-root user barely is because you still have one Linux kernel sized hole in your swiss-cheese defence model.

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      3
      ·
      5 months ago

      How is the Linux kernel more insecure than anything else? It isn’t this massive gapping hole like you make it sound. In 20 years how many serious organization destroying vulnerabilities have there been? It is pretty solid.

      I guess we should all use whatever proprietary software thing you think is best

      • kevincox
        link
        fedilink
        English
        arrow-up
        3
        ·
        5 months ago

        The Linux kernel is less secure for running untrusted software than a VM because most hypervisors have a far smaller attack surface.

        how many serious organization destroying vulnerabilities have there been? It is pretty solid.

        The CVEs differ? The reasons that most organizations don’t get destroyed is that they don’t run untrusted software on the same kernels that process their sensitive information.

        whatever proprietary software thing you think is best

        This is a ridiculous attack. I never suggested anything about proprietary software. Linux’s KVM is pretty great.