doc.rustdesk.com icon indicating copy to clipboard operation
doc.rustdesk.com copied to clipboard

Published 20 hours ago verified publisher icon rustdesk

Update docker guide to make example more secure

Open grahamIT opened this issue 1 year ago • 1 comments

I Updated this documentation page to harden the security of anyone who follows this guide. There were two main issues with the old page.

Issue 1

  • The guide used sudo to run docker when it wasn't needed. This is a potential security issue and is bad practice at best. The right answer is to add your user to the docker group so you can use it without root.

Issue 2 (worst)

  • The guide recommended people set the networking mode to host. This is a major security issue. By setting network to host you are allowing any software in the container root access to your machine because software inside the networking host container can get out of the container. This isn't terrible by itself unless something happens to the Rustdesk server like a supply chain attack or a zero day. Docker provides excellent isolation and it doesn't make sense to not use it.

grahamIT avatar Oct 31 '23 17:10 grahamIT

Is been a while since I opened this. Does anyone know if there is something else I need to do?

grahamIT avatar Dec 04 '23 20:12 grahamIT

Is it possible to have someone review my changes?

grahamIT avatar Jan 15 '24 20:01 grahamIT

Sorry, I do not agree with you. Can not approve your PR.

rustdesk avatar Jan 16 '24 01:01 rustdesk

Thanks for the response, I think trusting the Rustdesk server to be perfectly secure is a mistake but I respect your judgement call and appreciate you getting back to me.

grahamIT avatar Jan 16 '24 17:01 grahamIT