Init script makes all Pictshare files world writable and executable

[Nutomic]

This is very bad for security.

https://github.com/HaschekSolutions/PictShare-Docker/blob/master/rootfs/pictshare.sh#L21

[Nutomic]

Wow that file is a disaster. Secretly downloading source code, not checking the hash and then running that? I'm actually speechless.

[geek-at]

Not that secret if you ever restarted your container and looked at the logs. Also it's via https pointing to github.com so if the cert would fail in an mitm attack, the download wouldn't go through

[Nutomic]

Why are you marking the image files as executable and writeable by anyone? That is completely unnecessary (the chmod 777).