Docker Image Insecurity

An anonymous reader writes Developer Jonathan Rudenberg has discovered and pointed out a glaring security hole in Docker's system. He says, "Recently while downloading an 'official' container image with Docker I saw this line: ubuntu:14.04: The image you are pulling has been verified

I assumed this referenced Docker's heavily promoted image signing system and didn't investigate further at the time. Later, while researching the cryptographic digest system that Docker tries to secure images with, I had the opportunity to explore further. What I found was a total systemic failure of all logic related to image security.

Docker's report that a downloaded image is 'verified' is based solely on the presence of a signed manifest, and Docker never verifies the image checksum from the manifest. An attacker could provide any image alongside a signed manifest. This opens the door to a number of serious vulnerabilities." Docker's lead security engineer has responded here.

Re:Read the update

[postbigbang]

It's nice to try to deflate this, but the blunder and the QA mistake remain. As I like to hesitate on the side of caution, I'd change this quickly. Just agreeing that one screwed up and not halting distribution for this head-desk sort of error -- in the face of the enormous security risk endowed -- isn't quite satisfactory.

I'm here to punish no one, but in a crazy sort of way, I find this one to be a bit mind-boggling, to the tune that each and every appliance that wasn't independently MD5'd is now a freaking five star security risk. Chain of authorities are tremendously important, and reasonable people would believe, mistakenly, that all is fine, when none of it now is, because the chain of authorities chain has been broken, and for what I know, from its inception.

So you're telling me to cool down, and I'm telling you that every single Docker implementation is now reasonably suspect, because of this go-lightly screw-up.