Can you please elaborate a little to what risk you are referring? Have you been able to escape a guacd or guacamole or some other container? Via the network interfaces exposed or how? Is there some thing to be done by the project to improve container security? Actually I´d be willing to spend time on it. Imho the biggest issue with docker is which images to trust. For many projects there is a plethora of users providing some container. Thanks, Joachim
-----Ursprüngliche Nachricht----- Von: sciUser <shulb...@securitycentric.net> Gesendet: Donnerstag, 28. Mai 2020 19:08 An: user@guacamole.apache.org Betreff: Re: AW: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup Docker is popular however it comes with a serious security risk, its always better to build your own Guacamole instance over using Docker. The risk is in exploiting the host server through Docker container. I have actually done this and it can be pretty nasty if someone wanted to be malicious. I agree that documentation could be better, its lacks the show and tell aspect with explanation. I plan on fixing that gap once I complete this project in August, to give proper instructional guides. Don't get me wrong, Mike and Nick have done an outstanding job in maintaining this project and if it wasn't for them Guacamole wouldn't be as tasty as it is now. This is why I will make this pledge, once my company hits $1MM revenue, I will donate to the project $20k. Keep up the good work! ----- A Cybersecurity Enablement Company We don't just run you through the motions, Our labs teach you how to think! Known good Guacamole installations -- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
