hebocon 2 days ago
Running a binary as a non-root user with scoped access to Docker commands seems more appropriate to me.
franga2000 2 days ago
What do you mean by scoped access? A bunch of regexes checking that the app doesn't add any dangerous flags to docker run? That sounds like a fun CTF challenge to me, which is not a good thing for a security feature...