whoami icon indicating copy to clipboard operation
whoami copied to clipboard

Published 20 hours ago verified publisher icon traefik

not rootless

Open Morriz opened this issue 1 year ago • 2 comments

Why is this image not rootless? Is it hard to implement?

Morriz avatar Apr 16 '24 18:04 Morriz

Hello,

whoami has been built to be used inside the tests of Traefik and with containers.

The target was not to create a tool outside of Traefik's context.

ldez avatar Apr 16 '24 21:04 ldez

I understand, but while using it to test for external access (headers etc) we are potentially vulnerable. So what does it need to become rootless? I am pretty sure you guys thought about it as dockerized http servers running as root has been a no go for some years now

Morriz avatar Apr 17 '24 09:04 Morriz