https://nidomiro.de/tags/security/Recent content in Security on nidomiroHugoenFri, 14 Mar 2025 10:43:41 +0100https://nidomiro.de/article/more-secure-dind-in-gitlab-ci/Thu, 31 Dec 2020 12:00:00 +0000https://nidomiro.de/article/more-secure-dind-in-gitlab-ci/<p>If you are reading this article you probably already know how to use DinD (DockerInDocker) in GitLab CI. The default way is to set <code>privileged=true</code> in your Runner-config.</p> <p>This little flag makes everything work; but at the cost of security. There are many articles regarding this topic, eg. <a href="https://www.trendmicro.com/en_us/research/19/l/why-running-a-privileged-container-in-docker-is-a-bad-idea.html">this one</a>. The baseline is, if you run a container privileged, and the container uses the root-user inside, you can lose the whole server.</p>https://nidomiro.de/code/more-secure-deployments-via-ssh/Fri, 21 Aug 2020 12:00:00 +0000https://nidomiro.de/code/more-secure-deployments-via-ssh/<p>If we deploy an application automatically we have to grant the CI (Continuous Integration) access to the server. Common practice is to do that via a GitLab Runner or an ssh account on the server.</p> <p>Personally I would not recommend using a GitLab Runner for deployments, because you have to maintain it. Another potential issue is, that you normally register runners for your whole GitLab instance or groups. That results in a scenario in which everyone can use that runner and accidentally (or not) destroy, for example, your production server. To avoid that you have to register the GitLab Runner in the Project it belongs to only. But even then your production server can be misused as a build worker and therefore create performance issues.</p>