On Fri, Jul 4, 2025, 19:30 Debian Wiki <w...@debian.org> wrote: > The "Docker" page has been changed by BordenRhodes: > https://wiki.debian.org/Docker?action=diff&rev1=40&rev2=41 > > Comment: > Moving Podman plug into security warning. Consider making its own section. > > > Docker has no equivalent to `sudo`'s password check, so an > arbitrary-code-execution exploit against a user in the `docker` group > effectively grants the attacker root access. Therefore, the safer choice > is to __''never''__ add a user account — even your own — to the `docker` > group, so that Docker commands can only be used via `sudo`. > > + If Docker running at root level is an unacceptable security risk, > consider [[Podman]] instead, which provides similar functionality but runs > without root privileges. > + > See also [[https://docs.docker.com/go/attack-surface/|"Docker daemon > attack surface" in the upstream documentation]] for more details. > }}} >
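Review bot: The added Podman sentence lands between the `docker`-group advice and the "See also" line, so "for more details" now appears to elaborate on Podman rather than on the group warning it previously followed. The change comment already says "Consider making its own section"; moving the `+` sentence below the "See also" line, or into its own section after the closing `}}}`, would keep the warning and its reference together. The phrase "Docker running at root level" is also looser than the paragraph above it, which is specifically about `docker` group membership granting root access; naming what runs as root would make the alternative clearer.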
Instead of a reference to Podman in an article about Docker, this should mention running Docker in "rootless" mode: https://docs.docker.com/engine/security/rootless/

(Podman should stick to articles about Podman.)

❤️,
- Tianon
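A defender's check for the two conditions discussed in this thread, as an added example that is not part of either message or of the Debian wiki: it lists the accounts that hold `docker` group membership (supplementary or primary) and reports whether the daemon runs in rootless mode. The function names and the `--audit` switch are hypothetical, and the standard `/etc/group` and `/etc/passwd` layouts are assumed.

```shell
#!/bin/sh
# Added example: audit who is root-equivalent through the docker group.

# Print every account in the docker group, one per line.
# Arguments (both optional): group file, passwd file.
docker_group_members() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    # Fetch "GID:member,member" for the docker group, if it exists.
    entry=$(awk -F: '$1 == "docker" { print $3 ":" $4; exit }' "$group_file")
    [ -n "$entry" ] || return 0   # no docker group: nothing to report
    gid=${entry%%:*}
    members=${entry#*:}
    {
        # Supplementary members listed in the group file.
        printf '%s\n' "$members" | tr ',' '\n'
        # Accounts whose primary GID is docker's are not in that list.
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | awk 'NF' | sort -u
}

# Succeeds when the given SecurityOptions string reports rootless mode.
# Input is the output of: docker info --format '{{.SecurityOptions}}'
is_rootless() {
    case $1 in
        *name=rootless*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run against the live system only when asked to (hypothetical switch).
if [ "${1:-}" = "--audit" ]; then
    echo "accounts in the docker group:"
    docker_group_members
    opts=$(docker info --format '{{.SecurityOptions}}' 2>/dev/null) || opts=
    if is_rootless "$opts"; then
        echo "daemon: rootless"
    else
        echo "daemon: rootful or unreachable"
    fi
fi
```

An empty member list together with a daemon reached only through `sudo` matches the wiki's advice; a rootless result matches the setup suggested in the reply.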