by longtermsec
2591 days ago
Bingo. One should always assume that userland access on a Linux box is a short step away from full system privileges and that active exploits are ready for use by an attacker. Docker has started adding hardening with SELinux+Seccomp because there's a realisation that the Linux kernel bugs keep coming, but this is just a band-aid. The other problem with this approach is that in practice a hardened config is too restrictive for real-user use and has real maintenance cost, so most will never use them (as argued by others in this thread for why the gVisor approach is superior). AppArmor is very poorly maintained, buggy, and not a practical solution.
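The comment above argues that seccomp hardening exists but is rarely actually applied. Whether a given container process is confined is something a defender can verify directly: the kernel reports the active seccomp mode in the `Seccomp:` field of `/proc/<pid>/status` (0 = disabled, 1 = strict, 2 = BPF filter, the mode Docker's default profile uses). The script below is an added example, not code from the thread or from Docker; it reads that field from a status file and flags processes that run with no syscall filter at all. The two status files it checks are constructed samples written to temp files so the script runs offline.

```shell
#!/bin/sh
# Added example: verify whether a process (for instance PID 1 inside a
# container) is actually confined by a seccomp filter, by reading the
# "Seccomp:" field of its /proc/<pid>/status file.
#   0 = disabled (no syscall filter, full kernel syscall surface exposed)
#   1 = strict   (only read/write/exit/sigreturn permitted)
#   2 = filter   (a BPF seccomp filter is active; Docker's default profile)

# seccomp_mode <status-file>: print the numeric Seccomp mode, or "unknown"
# when the field is absent (kernels older than 3.8 do not report it).
seccomp_mode() {
    mode=$(awk '/^Seccomp:/ { print $2 }' "$1")
    if [ -z "$mode" ]; then
        echo unknown
    else
        echo "$mode"
    fi
}

# describe_mode <mode>: human-readable meaning of a Seccomp mode value.
describe_mode() {
    case "$1" in
        0) echo "disabled: no syscall filter, kernel attack surface fully exposed" ;;
        1) echo "strict: only read/write/exit/sigreturn allowed" ;;
        2) echo "filter: BPF syscall filter active" ;;
        *) echo "unknown: kernel did not report a Seccomp field" ;;
    esac
}

# check_process <status-file>: report the mode; exit 0 only when a BPF
# filter (mode 2) is in place, so the result can drive an alert or a CI gate.
check_process() {
    m=$(seccomp_mode "$1")
    echo "$1: Seccomp=$m ($(describe_mode "$m"))"
    [ "$m" = 2 ]
}

# Constructed samples (not captured from a real host): what /proc/1/status
# looks like for an unconfined container versus one started with a
# seccomp profile. On a real system pass /proc/<pid>/status instead.
unconfined=$(mktemp)
printf 'Name:\tsh\nPid:\t1\nSeccomp:\t0\n' > "$unconfined"
confined=$(mktemp)
printf 'Name:\tsh\nPid:\t1\nSeccomp:\t2\n' > "$confined"
trap 'rm -f "$unconfined" "$confined"' EXIT

check_process "$unconfined" || echo "WARNING: process is not confined by seccomp"
check_process "$confined" && echo "OK: seccomp filter in place"
```

To audit a live host, run `check_process /proc/<pid>/status` against the init process of each container (or `/proc/self/status` from inside one); a result of `Seccomp=0` means the hardening the comment describes was never actually applied to that workload.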
Should every organization assume that every attacker has access to Linux 0-days that they can use to privesc on a box?
My opinion is that that's not a realistic assessment for every attacker.
Do some attackers have that? I'm sure they do, but not every company should assume that every attacker will be able to do that.
And all this goes back again to the original point. The trope "containers don't contain" is overly simplistic and not appropriate for every company's threat model.