The Alpine project is very responsive to vulnerability reports and has been releasing patched versions of BusyBox that address critical vulnerabilities. CVE-2022-28391 was reported over 4 months ago and is still unpatched in BusyBox 1.34.x and 1.35.0 releases. Meanwhile, Alpine patched their BusyBox build almost as soon as the vulnerability was published: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
This image doesn't have to use Alpine in general but it should consider using the Alpine build of the BusyBox executable for greater security.
liam-verta changed the title from "Request: Use the Alpine version of BusyBox for better vulnerability remediation" to "Request: Use the Alpine build of BusyBox for greater security" on Aug 4, 2022
We might also finally just switch to a from-scratch image. The node-exporter is really the last container I ever feel the need to exec into, and now with ephemeral containers in Kubernetes, even in these situations it shouldn't matter. But it would be a breaking change.