You are viewing a single thread.
View all comments View context
228 points

There’s no way the model has access to that information, though.

Google’s important product must have proper scoped secret management, not just environment variables or similar.

permalink
report
parent
reply
113 points

There’s no root login. It’s all containers.

permalink
report
parent
reply
9 points

The containers will have a root login, but the ssh port won’t be open.

permalink
report
parent
reply

I doubt they even have a root user. Just whatever system packagea are required baked into the image

permalink
report
parent
reply
3 points

Containers can be entirely without anything. Some containers only contain the binary that gets executed. But many containers do contain pretty much a full distribution, but I have yet to see a container with a password hash in its /etc/shadow file…

So while the container has a root account, it doesn’t have any login at all, no password, no ssh key, nothing.

permalink
report
parent
reply
12 points

The containers still run an OS, have proprietary application code on them, and have memory that probably contains other user’s data in it. Not saying it’s likely, but containers don’t really fix much in the way of gaining privileged access to steal information.

permalink
report
parent
reply
5 points

The OS in a container is usually pretty barebones though. Great containers usually use distroless base images. https://github.com/GoogleContainerTools/distroless

permalink
report
parent
reply
19 points

That’s why it’s containers… in containers

It’s like wearing 2 helmets. If 1 helmet is good, imagine the protection of 2 helmets!

permalink
report
parent
reply
52 points

It’s containers all the way down!

permalink
report
parent
reply
32 points

All the way down.

permalink
report
parent
reply
7 points

It does if they uploaded it to github

permalink
report
parent
reply
6 points

In that case, it’ll steal someone else’s secrets!

permalink
report
parent
reply
1 point

But you could get it to convince the admin to give you the password, without you having to do anything yourself.

permalink
report
parent
reply
4 points

Still, things like content moderation and data analysis, this could totally be a problem.

permalink
report
parent
reply

Programmer Humor

!programmerhumor@lemmy.ml

Create post

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

  • Posts must be relevant to programming, programmers, or computer science.
  • No NSFW content.
  • Jokes must be in good taste. No hate speech, bigotry, etc.

Community stats

  • 4.4K

    Monthly active users

  • 1.5K

    Posts

  • 35K

    Comments