by nervous
2966 days ago
tl;dr
The Sylabs team recently discovered an exploit vector affecting all container runtimes that allows a malicious user to gain additional privileges within a container on hosts running kernels that do not support the PR_SET_NO_NEW_PRIVS feature. Singularity is not the only container platform affected; this vulnerability can be exploited using any container runtime on a vulnerable kernel.
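To check whether a given host falls into the affected class, the following added example (not code from Sylabs or Singularity) probes whether the running kernel accepts PR_SET_NO_NEW_PRIVS. The names `nnp_probe` and `nnp_classify` are hypothetical; the probe runs in a forked child because the flag cannot be cleared once set.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef PR_SET_NO_NEW_PRIVS          /* older userspace headers lack these */
#define PR_SET_NO_NEW_PRIVS 38
#define PR_GET_NO_NEW_PRIVS 39
#endif

enum nnp_status { NNP_SUPPORTED = 0, NNP_UNSUPPORTED = 1, NNP_ERROR = 2 };

/* Map the probe child's wait status to a verdict. */
enum nnp_status nnp_classify(int wstatus)
{
    if (!WIFEXITED(wstatus))
        return NNP_ERROR;            /* child was killed, result unknown */
    switch (WEXITSTATUS(wstatus)) {
    case 0:  return NNP_SUPPORTED;
    case 1:  return NNP_UNSUPPORTED;
    default: return NNP_ERROR;
    }
}

/* Set the flag in a throwaway child (it is irreversible and inherited),
 * then read it back to confirm the kernel actually recorded it. */
enum nnp_status nnp_probe(void)
{
    int wstatus;
    pid_t pid = fork();
    if (pid < 0)
        return NNP_ERROR;
    if (pid == 0) {
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
            _exit(errno == EINVAL ? 1 : 2);  /* EINVAL: option unknown */
        _exit(prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) == 1 ? 0 : 2);
    }
    if (waitpid(pid, &wstatus, 0) != pid)
        return NNP_ERROR;
    return nnp_classify(wstatus);
}

int main(void)
{
    static const char *msg[] = { "supported", "NOT supported", "probe failed" };
    enum nnp_status s = nnp_probe();
    printf("PR_SET_NO_NEW_PRIVS: %s\n", msg[s]);
    return s;   /* exit code 1 marks a kernel without the feature */
}
```

The non-zero exit code on an unsupported kernel lets the probe gate a container runtime's install or startup script.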