Klaus

Container Breakout Proof-of-Concept

 Fri, 20 Jun 2014 22:01:46 +0200 
Oh serious?!? A root user with access to the host kernel can do bad things? I am shocked! ;-)

Docker Container Breakout Proof-of-Concept Exploit | Docker Blog
At Docker we take security very seriously and try to be as transparent as possible. This morning proof of concept exploit code was published showing how to break out of a Docker Engine 0.11 container. The proof of concept exploit relies on a kernel capability that allows a process to open any file in the host based on its inode. On most systems, th...
Docker
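The preview above does not name the capability; the breakout relied on CAP_DAC_READ_SEARCH (bit 2 of the kernel capability bitmap), which open_by_handle_at() requires to open a host file by handle. The following audit helper is an added example, not code from the linked post or from Docker: it decodes the CapEff line of /proc/<pid>/status so a defender can tell whether a container still holds that bit. The two status snippets are constructed; the first is the bitmap of Docker's later default capability set, the second adds bit 2.

```python
import re

# Capability numbers from the Linux kernel's include/uapi/linux/capability.h.
CAP_NAMES = {
    0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 2: "CAP_DAC_READ_SEARCH",
    3: "CAP_FOWNER", 4: "CAP_FSETID", 5: "CAP_KILL", 6: "CAP_SETGID",
    7: "CAP_SETUID", 8: "CAP_SETPCAP", 9: "CAP_LINUX_IMMUTABLE",
    10: "CAP_NET_BIND_SERVICE", 11: "CAP_NET_BROADCAST", 12: "CAP_NET_ADMIN",
    13: "CAP_NET_RAW", 14: "CAP_IPC_LOCK", 15: "CAP_IPC_OWNER",
    16: "CAP_SYS_MODULE", 17: "CAP_SYS_RAWIO", 18: "CAP_SYS_CHROOT",
    19: "CAP_SYS_PTRACE", 20: "CAP_SYS_PACCT", 21: "CAP_SYS_ADMIN",
    22: "CAP_SYS_BOOT", 23: "CAP_SYS_NICE", 24: "CAP_SYS_RESOURCE",
    25: "CAP_SYS_TIME", 26: "CAP_SYS_TTY_CONFIG", 27: "CAP_MKNOD",
    28: "CAP_LEASE", 29: "CAP_AUDIT_WRITE", 30: "CAP_AUDIT_CONTROL",
    31: "CAP_SETFCAP", 32: "CAP_MAC_OVERRIDE", 33: "CAP_MAC_ADMIN",
    34: "CAP_SYSLOG", 35: "CAP_WAKE_ALARM", 36: "CAP_BLOCK_SUSPEND",
    37: "CAP_AUDIT_READ",
}
CAP_DAC_READ_SEARCH = 2


def parse_cap_eff(status_text: str) -> int:
    """Return the effective capability bitmap (CapEff) from /proc/<pid>/status text."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if not m:
        raise ValueError("no CapEff line found in status text")
    return int(m.group(1), 16)


def decode_caps(bitmap: int) -> list[str]:
    """List the capability names whose bits are set in the bitmap."""
    names = []
    bit = 0
    while bitmap >> bit:
        if (bitmap >> bit) & 1:
            names.append(CAP_NAMES.get(bit, f"CAP_{bit}"))
        bit += 1
    return names


def holds_dac_read_search(status_text: str) -> bool:
    """True if the process could call open_by_handle_at(), i.e. bit 2 is set in CapEff."""
    return bool((parse_cap_eff(status_text) >> CAP_DAC_READ_SEARCH) & 1)


# Constructed samples: Docker's later default set (no bit 2) and the same set plus bit 2.
SAFE_STATUS = "Name:\tsh\nCapEff:\t00000000a80425fb\n"
RISKY_STATUS = "Name:\tsh\nCapEff:\t00000000a80425ff\n"

if __name__ == "__main__":
    # Audit the calling process itself, e.g. when run inside a container.
    with open("/proc/self/status") as f:
        own = f.read()
    print(decode_caps(parse_cap_eff(own)))
    print("CAP_DAC_READ_SEARCH present:", holds_dac_read_search(own))
```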
Thomas Willingham
 Fri, 20 Jun 2014 22:20:37 +0200 
There was a relatively minor XSS bug in Friendica once where the reporter got a bit excited, and as a result, had lots of people thinking that non-patched code had some major vulnerability that was going to kill everyone.  It was a security issue, and it did need fixing...but also, it could only come from direct contacts, had never been seen in the wild, etc.  In other words, it was a routine, priority 'normal' bug that somehow took on the persona of a 'critical' bug in user consciousness.

That experience makes me think these things are sometimes better documented in the commit notes and changelogs than in blogs, unless they're really a serious issue on properly configured servers.