Skip to content

Commit

Permalink
refactor: prevent execution of arbitrary commands in container
Browse files Browse the repository at this point in the history 
- Preserve the removal of certain commands to prevent the container from executing arbitrary commands

Signed-off-by: 陳鈞 <[email protected]>
  • Loading branch information
@jim60105
jim60105 committed Jan 8, 2024
1 parent 79bf7b3 commit 6d37d1d
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions alpine.Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,8 +51,9 @@ COPY --chown=$UID:0 --chmod=774 \
--from=build /root/.local /home/$UID/.local
ENV PATH="/home/$UID/.local/bin:$PATH"

# Remove these to prevent the container from executing arbitrary commands
RUN rm /bin/echo /bin/ln /bin/rm /bin/sh
# Recorder.moe edit: Preserve these as we will need to mv the files after recording.
# # Remove these to prevent the container from executing arbitrary commands
# RUN rm /bin/echo /bin/ln /bin/rm /bin/sh

USER $UID
WORKDIR /recordings
Expand Down

0 comments on commit 6d37d1d

Please sign in to comment.