New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Re-think security of system #18

Open

t-lin opened this issue Jun 13, 2020 · 1 comment

Labels

Member

t-lin commented Jun 13, 2020

Need to review and re-examine how to secure system against potential abuse.

One of the ways we introduced early was hashing the saved Docker image. However, when the same image is saved on another node and the hash is calculated on it, it differs.
Our system currently also doesn't prevent a compromised node from simply advertising that it has a service.

We should keep in mind other potential vectors and methods to either mitigate them or prevent them.

t-lin added the investigate label

Member Author

t-lin commented Jul 6, 2020 •

edited

Loading

Some info on what the SHA256 digest shown after doing a Docker build is based on:

https://windsock.io/explaining-docker-image-ids/
https://maori.geek.nz/how-to-digest-a-docker-image-ca9fc7630b71 (shows how dates in the manifest changes the hash)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment