Hacker News
by
yutghgh
2671 days ago
This is very interesting, because most Docker breakouts I see are exploits in the Linux kernel, but this is one of the few in the containerization components themselves (first one I remember in runC).
1 comment
cpuguy83
2670 days ago
Definitely not the first. There was one with leaking file descriptors which weren't opened with O_CLOEXEC.
Another with ptrace (fixed by making the process non-dumpable).
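An added example (not code from the thread, from Docker or from runC) showing the two defensive checks cpuguy83's comment refers to: detecting descriptors that would leak across exec because they lack FD_CLOEXEC, and making a process non-dumpable so an unprivileged peer cannot ptrace it. It assumes Linux with /proc mounted.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <unistd.h>

/* 1 if fd survives execve() (no FD_CLOEXEC), 0 if close-on-exec, -1 if not open. */
int fd_inherited_on_exec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0) return -1;
    return (flags & FD_CLOEXEC) ? 0 : 1;
}

/* Pre-exec audit: walk /proc/self/fd and count descriptors >= min_fd that an
 * exec'd child would inherit (the directory handle used for the walk is
 * skipped). A runtime about to exec a container process wants this at 0 for
 * its own private handles. Returns -1 if /proc is unavailable. */
int count_inheritable_fds(int min_fd) {
    DIR *d = opendir("/proc/self/fd");
    if (!d) return -1;
    int self = dirfd(d), n = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (e->d_name[0] == '.') continue;
        int fd = atoi(e->d_name);
        if (fd < min_fd || fd == self) continue;
        if (fd_inherited_on_exec(fd) == 1) n++;
    }
    closedir(d);
    return n;
}

/* Clear the dumpable flag: /proc/<pid> entries become root-owned and a peer
 * without CAP_SYS_PTRACE can no longer attach. Returns the resulting
 * PR_GET_DUMPABLE value (0 on success), -1 on error. */
int make_non_dumpable(void) {
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0) return -1;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

int main(void) {
    int leaky = open("/dev/null", O_RDONLY);             /* inherited */
    int safe  = open("/dev/null", O_RDONLY | O_CLOEXEC); /* not inherited */
    printf("leaky=%d safe=%d inheritable>=3: %d dumpable=%d\n",
           fd_inherited_on_exec(leaky), fd_inherited_on_exec(safe),
           count_inheritable_fds(3), make_non_dumpable());
    return 0;
}
```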