
Wow.
Docker’s report that a downloaded image is “verified” is based solely on the presence of a signed manifest, and Docker never verifies the image checksum from the manifest. An attacker could provide any image alongside a signed manifest. This opens the door to a number of serious vulnerabilities.
Maybe someone read this XKCD comic and mistook it for good practice.
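To illustrate the flaw quoted above, here is an added example (not Docker's code): a verifier that treats a valid manifest signature as proof the image is genuine, beside one that also checks that every delivered layer hashes to the digest the signed manifest names. The HMAC signing key, layer contents and manifest are constructed stand-ins for this example; real Docker v1 manifests carried JWS signatures.

```python
import hashlib
import hmac
import json

# Constructed stand-in signing key; HMAC-SHA256 stands in for the registry's real JWS signature.
SIGNING_KEY = b"example-registry-key"

def sign_manifest(manifest: dict) -> str:
    """Sign the canonical JSON form of a manifest."""
    payload = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()

def manifest_signature_valid(manifest: dict, signature: str) -> bool:
    """Is the manifest signed with the expected key?"""
    return hmac.compare_digest(sign_manifest(manifest), signature)

def verify_trusting_manifest_only(manifest, signature, layers):
    """Broken pattern from the report: a signed manifest makes the image 'verified', whatever the layers contain."""
    return manifest_signature_valid(manifest, signature)

def verify_binding_content(manifest, signature, layers):
    """Correct pattern: valid signature AND each delivered layer hashes to the digest the signed manifest names."""
    if not manifest_signature_valid(manifest, signature):
        return False
    expected = [entry["blobSum"] for entry in manifest["fsLayers"]]
    if len(expected) != len(layers):
        return False
    for digest, blob in zip(expected, layers):
        actual = "sha256:" + hashlib.sha256(blob).hexdigest()
        if not hmac.compare_digest(actual, digest):
            return False
    return True

def demo():
    # Constructed layer content and a v1-style manifest whose fsLayers carry blobSum digests.
    genuine_layer = b"genuine layer contents"
    manifest = {
        "name": "example/app",
        "fsLayers": [{"blobSum": "sha256:" + hashlib.sha256(genuine_layer).hexdigest()}],
    }
    signature = sign_manifest(manifest)
    # The same signed manifest, but a different layer delivered alongside it.
    swapped_layer = b"something else entirely"
    return {
        "genuine_weak": verify_trusting_manifest_only(manifest, signature, [genuine_layer]),
        "genuine_strict": verify_binding_content(manifest, signature, [genuine_layer]),
        "swapped_weak": verify_trusting_manifest_only(manifest, signature, [swapped_layer]),
        "swapped_strict": verify_binding_content(manifest, signature, [swapped_layer]),
    }
```

Calling demo() shows the swapped layer passing the manifest-only check while the content-binding check rejects it.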