[tptacek]

In a very carefully configured container regime, you might not be getting anything other than the access the API already had to run code submitted by users. You'd have RCE, but your code can only do the limited set of things permitted by the container; it might not have access to any meaningful filesystem, or to the network, or to the container engine.

It's very tricky to create and maintain those kinds of container systems, but there are services (for instance, the cloud CI providers) that do it.

On applications like these, where the premise is that you give them some kind of code and they evaluate it for you, escaping the "user interface" sandbox isn't game over; you'd have to finish the exercise of escalating to the container host or getting access to an internal network with internal APIs on it.

It's a little like getting SQL injection, but confined to some kind of SQL view. Chances are the application is doomed, but you still have to prove it.

[pvg]

Right, I understand that but you'd not pick a container as your primary line of isolation for running arbitrary Go code. The GP is saying - it's cool, because containers. Yes, perhaps in exceptionally skilled hands, maybe this is sane but generally it's not. The official go playground's first sandbox is Native Client.

[tedunangst]

Can we not stipulate the existence of a container breakout of the week?

[anonymousJim12]

Can you link to a container breakout exploit from the past 6 months?