Rootless, Reproducible & Hermetic: Secure Container Build Showdown

Cite

Related Material

Chaos Computer Club e.V.

Martin, Andrew

Formal Metadata

Title

Rootless, Reproducible & Hermetic: Secure Container Build Showdown

Alternative Title

Rootless, Reproducible & Hermetic: Secure OCI Container Build Showdown

Title of Series

All Systems Go! 2019

Number of Parts

Author

Martin, Andrew

License

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/46134 (DOI)

Publisher

Chaos Computer Club e.V.

Release Date

2019

Language

English

Producer

All Systems Go!

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

How can we build hostile and untrusted code in containers? There are many options available, but not all of them are as safe as they claim to be... Rootless container image builds (as distinct from rootless container runtimes) have crept ever closer with orca-build, BuildKit, and img proving the concept. They are desperately needed: a build pipeline with an exposed Docker socket can be used by a malicious actor to escalate privilege - and is probably a backdoor into most Kubernetes-based CI build farms. With a slew of new rootless tooling emerging including Red Hat’s buildah, Google’s Kaniko, and Uber’s Makisu, we will see build systems that support building untrusted Dockerfiles? How are traditional build and packaging requirements like reproducibility and hermetic isolation being approached? In this talk we: - Detail attacks on container image builds - Compare the strengths and weaknesses of modern container build tooling - Chart the history and future of container build projects - Explore the safety of untrusted builds