Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Programming

Video Security is an Important Coding Consideration Even When You Use Containers (Video) 57

Video no longer available.
Last month Tom Henderson wrote an article titled Container wars: Rocket vs. Odin vs. Docker. In that article he said, "All three are potentially very useful and also potentially very dangerous compared to traditional hypervisor and VM combinations."

Tom's list of contributions at Network World show you that he's not a neophyte when it comes to enterprise-level security, and that he's more of a product test/analytical person than a journalist. And afraid to state a strong opinion? That's someone else, not Tom, who got flamed hard for his "Container Wars" article, but has been proved right since it ran. Tom also says, in today's interview, that the recent Apple XcodeGhost breach should be a loud wake-up call for developers who don't worry enough about security. But will it? He's not too sure. Are you?

Robin Miller for Slashdot : Tom, last month didn’t you wrote some sort of article about people taking over containers, Apples and things like that?

Tom: Well,it wasn't quite that Robin, but I did a comparison between different kinds of container methodologies one of which comes from an organization called Parallels, and it's Virtuozzo, from a fairly long, comparatively stable product group that has gotten a bit of attention from OEMs, and actually their big market is hosting companies who want to build appliances and rapidly provision customers with the mundane stuff like mail and Wordpress. The meter turns on and everybody forgets to turn it off – which of course makes the ISPs and service providers very happy. And then we compared additionally to that another container methodology called Docker which is hot, hot, hot technology about how to strip out all of the evil stuff and run things inside of a sandbox container system, and then even run fleets of those things if you like to do big data-ish HPCish sorts of analysis. And it turns out that Docker, which uses Linux containers, isn't anything but a lot of fun because it's certainly not secure, and it has got just incredible variations of stuff because it's so easy and simple to do.

However, any organization putting these sorts of things into production without having chapter and verse in terms of the background of where the container came from, what it is composed of and so forth is pretty much opening the doors to the marauding Huns. And so, I tried to explain my sense of the fact that Docker containers, while really fun and ostensibly poised towards security models, might help bring a chain of authorities into the equation to make things safe.

Well, all that stuff didn’t flush, and I got a bunch of e-mails saying, ‘Hey, man, we're having a lot of fun with this stuff, so like lay the hell off would you, I mean, come on, these are so cool, look at this, I can go and shoot 500 of these suckers into a single machine, dude. Now let’s go see you do that.’ And so, well, fast forward to Apple – which has its Xcode that was distributed through third parties, not the stuff that came from Apple themselves, but through third parties. Got tainted with a payload that infects iOS, and suddenly developers find all of their cool apps that were making money in the iTunes store evaporate along with, of course, any kind of profitability. Or from the users perspective, any kind of security that they thought they might have.

Why? Well, Apple does allow Apple developers to do a check on the Xcode to see if it is actually valid. Now, how many developers who are trying to make loose and fast money went through their process check to see, Oh, yeah, gee man, hey, man this isn’t the same stuff that comes from the developer side, what do we do?

So what ends up happening? A big explosion and suddenly you can hear the cries of thousands of iOS apps going, ‘They have taken me from the store!’ And they are gone.

So what's the happiness in this? Well, a fear of God has been put into developers so that they understand that they are actually now targets of potential malware infestations that in turn can infect not only their own turf and their own sandboxes, crappy as they are, (oh yeah they are made of sand not concrete), but it also a wake-up call to vendor organization to try and find methodologies that validate these payloads before they're going, “Oh, yeah, build a thousand of them.” Okay. So, I feel a little bit vindicated over the fact that, yes, the chain of authorities is important and Docker is loose and fast. it reminds me of all of the warnings and admonitions that the United States Navy gave the sailors of World War II, so they wouldn’t pick up STDs in port.

So with that inoculation in mind, will developers actually do the job right and carefully examine what's been going on? Well, yeah, there are initiatives, there are rocket initiatives that start to develop chains of authorities, organizations are starting to carefully look at what the payloads are, but the problem is we don't really have a sandboxing methodology to validate all of these cool appliances and yes they are cool and easily deployed, but unfortunately there's no good way to look inside like the FDA does at your freaking hamburger; you go, “Oh, yes, well this was inspected by number 64.” I'm hoping that such a thing comes about because what's happened is that we’ve once again had a wakeup call.

Bbut the problem is, developers are going to go back to sleep.

This discussion has been archived. No new comments can be posted.

Security is an Important Coding Consideration Even When You Use Containers (Video)

Comments Filter:
  • by Anonymous Coward on Wednesday September 23, 2015 @03:52PM (#50585609)

    Containers are even more dangerous than VMs since you lose even more virtualization. All these technologies sit on a spectrum of resource-cost-to-containment with the hardest containment being a different physical machine. Even process isolation yields some amount of containment (can't snoop cross-process memory) but this is typically trivial to breach for any malware.

    A large part of the security problem can be solved with simple configuration cleanliness. Do you know what software you're running? If you don't then no amount of containment will help and it's just a matter of time before your network is pwned.

    • Containers are even more dangerous than VMs since you lose even more virtualization. All these technologies sit on a spectrum of resource-cost-to-containment with the hardest containment being a different physical machine. Even process isolation yields some amount of containment (can't snoop cross-process memory) but this is typically trivial to breach for any malware.

      If you have a server (in a container or whatever), with all your user's passwords going through it.....then it really doesn't matter if the malware can't get out of the container, it can still sniff the passwords as they go through.

    • by Anonymous Coward

      All these technologies sit on a spectrum of resource-cost-to-containment with the hardest containment being a different physical machine.

      Physical separation opens up an entirely different set of security problems. I can purge and redeploy a few thousand containers before you've got a single physical machine halfway through re-imaging. You've also got to face the fact that security does not live in a bubble. Managing a metric crapload of containers or even full-blown VMs is far, far more efficient (cost and timewise) than managing a metric crapload of physical machines.

      A large part of the security problem can be solved with simple configuration cleanliness. Do you know what software you're running? If you don't then no amount of containment will help and it's just a matter of time before your network is pwned.

      This, though. In rare cases where shitty application code isn't to bla

  • by xxxJonBoyxxx ( 565205 ) on Wednesday September 23, 2015 @03:58PM (#50585641)

    There are 11 types of developers when it comes to security.

    00) Wot? 70% of them. Probably 95% of web designers.
    01) I care about security, but I don't have to do anything about it in my layer. Another 20%.
    10) I care about security and it is my problem. Just 10%. Maybe.

    This guy is preaching to group 10 and trying to get group 01 to care. It's nice to see something else out there fighting the good fight.

    • You need other subcategories of number 10. Those who care about security, have to interface with security and use security features, but who are not the security expert. These are different from the developers who actually implement the security. Who may also different from the people who decide the policy of security (who may or may not be software/firmware people).

  • There are too many new developers coming in. The older guys may know how to write secure code, but then you have a bunch of new people and they have to learn the lessons of security all over again.

    There is no "magic bullet." Garbage collection won't save you, a container won't save you. In the end, you need to be thinking about security every line you write, or you'll end up with an integer overflow that allows hackers to take over your container.
    • Nobody knows WTF is inside of a container except the person that built it, and no one knows if they MD5'd the contents, used all of the appropriate checked libs, and made sure that processes/confs/symlinks that were unnecessary were removed from the container. The same needs to be done to hypervised VMs. You can MD5 the container once built, but then checking to see if something ugly's been added isn't simple.

      Then there's the job of doing update/patch/fix, and ensuring that those payloads have a chain of co

  • EVEN WHEN??!!!! (Score:4, Interesting)

    by rubycodez ( 864176 ) on Wednesday September 23, 2015 @04:01PM (#50585673)

    Containers are even less separate than jails, of course they're near the bottom of the barrel in terms of security. Why the Container fad when the overhead of proper virtualization is now so very low it's negligible on any modern server processor?

    • by sjvn ( 11568 )

      Containers are even less separate than jails, of course they're near the bottom of the barrel in terms of security. Why the Container fad when the overhead of proper virtualization is now so very low it's negligible on any modern server processor?

      Because you can run three to four more server apps on the same architecture than you can using even efficient VMs such as KVM. That, in turn, means you have o pay for fewer servers.

    • by damaki ( 997243 )
      The main bottleneck of virtualization is not CPU, which is already optimized as hell, it's I/O. With virtualization you add additional layers to access storage and network devices, and thus destroying your random read/writes performances. Sure, that is not an issue for the average app, but virtualize your favorite brand of database server and you will enter a world of pain at the worst time ever possible (a high load scenario).
      • by allo ( 1728082 )

        LXC does not add any IO.

        • by damaki ( 997243 )
          True.But a LXC is a container system; not a real virtualization solution. It's powerful, it's clean, it's wicked cool with btrfs and it's my favourite. It just lacks neat docker tools such as docker composer.
          • by allo ( 1728082 )

            I just use it with rootfs-folder. Using a btrfs-volume may add some stuff.

            btw: Docker was based on LXC and i think it still supports it? So its just a aufs (unionfs) when using docker.

            • by damaki ( 997243 )
              btrfs volumes allows you to share core files between containers and not waste additional disc space. If you use a standard template to make other lxc containers, it makes new containers real cheap as it takes almost no additional disc space for each new one. Yup, I know that Docker uses the same kernel-level isolation mechanisms as LXC. But looks like it is not exactly the same as I've heard of recurrent garbage collection (files) issues with some Docker stuff. I could not guess how a properly designed dock
              • by allo ( 1728082 )

                Yeah, docker creates a layer and then never changes it. With LXC backend, it uses aufs to stack them.
                I still prefer using bare LXC containers. There i know what i have and do not trust any prebuilt stuff. And when i start with creating a baseimage (debootstrap for ubuntu/debian), i just do the same as a "lxc-create -t debian" does.
                But maybe i am oldschool ;).

    • by dj245 ( 732906 )

      Containers are even less separate than jails, of course they're near the bottom of the barrel in terms of security. Why the Container fad when the overhead of proper virtualization is now so very low it's negligible on any modern server processor?

      Containers are easy for weekend IT guys like me who run our own servers. I don't have time to bother with learning an entirely new IT paradigm and setting it all up myself. Home server software makes all of that unnecessary and Docker containers are handled almost like "apps" in some software (like Unraid). I have to set directories and manage the network port mapping but everything else is done for me. It does what I need it to do without requiring much new knowledge or skill.

  • Given that xcode is free (as in comes with OS X), why would you get it from a source other than Apple?
    • by kauos ( 1168299 )

      Given that xcode is free (as in comes with OS X), why would you get it from a source other than Apple?

      The quickest answer is that some countries fsck with the websites of others... I live in China and they love to play games with DNS resolving, temporary and permanent website bans, bandwidth restrictions (sometimes per service... ie just for www, but ssh is full speed).... and etcetera and so forth.

      Sometimes you will download from another site just so it doesn't take a week to download, sometimes you don't even realize that you are on a China specific site that is giving you different binaries (ie Skype)

  • Is it just me who hates all these stupid sounding technology names?
  • Who needs to argument about contributions to show "he's not a neophyte", has other problems. Especially if i needs to think about if he needs security even in containers. i mean, what the fuck.

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...