19.4% of the top 1000 Docker containers have an empty root password

Jerry Gamblin decided to find out how widespread the recently identified problem in the Alpine Docker images is, in which an empty password is set for the root user. An analysis of the thousand most popular containers in the Docker Hub catalog showed that in 194 of them (19.4%) root is set to an empty password without the account being locked ("root:::0:::::" instead of "root:!::0:::::").

If a container uses the shadow and linux-pam packages, an empty root password makes it possible to escalate privileges inside the container, either when you have unprivileged access to the container or after exploiting a vulnerability in an unprivileged service running in it. You can also connect to the container with root rights if you have access to the infrastructure, i.e. the ability to connect through a terminal to a TTY listed in /etc/securetty. Login with an empty password is blocked over SSH.
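The difference between the two shadow entries quoted above can be checked mechanically. The following is an added example, not code from the original article or from Jerry Gamblin's survey; the function names `audit_shadow` and `root_passwordless` and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit shadow(5)-format text for accounts that can log in
# without a password. Names and sample data are constructed for illustration.

# Reads shadow entries on stdin, prints "<STATE> <user>" per account.
# Field 2 is the password: empty = no password required,
# leading '!' or '*' = locked, anything else = a password hash.
# Exit status is 1 if any account is EMPTY or a line is malformed.
audit_shadow() {
    awk -F: '
        $0 == "" || /^#/ { next }
        NF < 2           { print "MALFORMED " $1; bad = 1; next }
        $2 == ""         { print "EMPTY " $1; bad = 1; next }
        $2 ~ /^[!*]/     { print "LOCKED " $1; next }
                         { print "HASH " $1 }
        END              { exit bad }
    '
}

# Succeeds (exit 0) only when root itself has an empty password field.
root_passwordless() {
    audit_shadow | grep -qx 'EMPTY root'
}

# Constructed sample: the affected layout described in the article.
VULN_SHADOW='root:::0:::::
bin:!::0:::::
svc:$6$constructedsalt$constructedhash:18000:0:99999:7:::'

# Constructed sample: the same file with the root account locked.
FIXED_SHADOW='root:!::0:::::
bin:!::0:::::
svc:$6$constructedsalt$constructedhash:18000:0:99999:7:::'

echo "== affected =="
printf '%s\n' "$VULN_SHADOW" | audit_shadow || echo "-> passwordless account found"
echo "== locked =="
printf '%s\n' "$FIXED_SHADOW" | audit_shadow && echo "-> no passwordless accounts"
```

Against a real image, the input can come from `docker run --rm --entrypoint cat IMAGE /etc/shadow`, where IMAGE is a placeholder and the image is assumed to ship `cat`.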

The most popular containers with an empty root password are microsoft/azure-cli, kylemanna/openvpn, governmentpaas/s3-resource, phpmyadmin/phpmyadmin, mesosphere/aws-cli and hashicorp/terraform, which have more than 10 million downloads. Also highlighted are the containers govuk/gemstash-alpine (500 thousand), monsantoco/logstash (5 million), avhost/docker-matrix-riot (1 million), azuresdk/azure-cli-python (5 million) and ciscocloud/haproxy-consul (1 million). Almost all of these containers are based on Alpine and do not use the shadow and linux-pam packages. The only exception is microsoft/azure-cli, which is based on Debian.

Source: opennet.ru
