[[SUPPORT] DiamondPrecisionComputing - ALL IMAGES AND FILES]

Hello again, I wrote https://github.com/qdm12/gluetun/discussions/1152 since I had a report from someone outside the Unraid ecosystem as well. TLDR: it's a false positive due to it being compiled from Go and doing a bunch of networking/system things (which also makes total sense if you don't know what Gluetun is made for).

[[SUPPORT] DiamondPrecisionComputing - ALL IMAGES AND FILES]

Hello everyone,

 

I'm the author/maintainer of gluetun (and others). I usually don't participate here due to lack of time and got plenty to answer on github already, but I was emailed saying the docker image had a trojan built-in.

 

Just to be clear, there is no trojan or virus or any malicious code put by me. Unless Github or Docker Hub got hacked I guess, which is unlikely.

 

Also theoretically I don't think a "trojan" could do anything more in a container than standard "non-trojan" code. If I would be malicious, I would code something custom without a trojan code signature.

 

We should still be careful with such reports since gluetun runs as root and has NET_ADMIN access (no way around due to VPNs), so if a distribution like Docker Hub gets compromised (and injects a trojan in every image), some malicious code could have some effect on your system since it's not a totally isolated container running without root.

 

You could always build the image yourself (docker build -t qmcgaw/gluetun https://github.com/qdm12/gluetun.git) and then import the xml from DiamondPrecisionComputing's repository if you can't wait and want to play it safe until this is resolved.