by megakluntjes 2486 days ago
As far as I know, many projects (Podman, VirtualBox, Rootless Docker, Usernetes, etc.) use a fork of slirp (e.g. slirp4netns).

Let's hope that these projects are not affected, too.

2 comments

slirp4netns v0.2.3, v0.3.2, and v0.4.0-beta.3 are already patched for this CVE.

https://github.com/rootless-containers/slirp4netns/security/...

Also, v0.4.0-beta.2+ can harden its own process by unsharing the mount namespace and pivot_root-ing to an empty dir that only contains /etc and /run with the noexec mount option. v0.4.0-beta.4+ additionally supports seccomp filters.

Rootless Docker at least supports vpnkit, which is an alternative memory-safe implementation written in OCaml.
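
An added example, not part of the thread and not slirp4netns code: a check of an installed slirp4netns version string against the three patched releases named in the comment above. It assumes that earlier releases in each of those series lack the fix and that later series carry it, which the comment does not state; the function names and the sample version strings are constructed for illustration.

```python
import re

# Patched releases named in the comment, keyed by (major, minor) series.
PATCHED = {(0, 2): "0.2.3", (0, 3): "0.3.2", (0, 4): "0.4.0-beta.3"}

VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?")


def parse(text):
    """Return a sortable key for the first version found in `text`.

    Pre-releases sort before the final release of the same core version,
    and numeric pre-release fields compare as numbers (beta.10 > beta.3).
    """
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError("no version found in %r" % text)
    core = tuple(int(x) for x in m.group(1, 2, 3))
    pre = m.group(4)
    if pre is None:
        return core, (1,)  # final release
    fields = tuple((0, int(p), "") if p.isdigit() else (1, 0, p)
                   for p in pre.split("."))
    return core, (0,) + fields


def status(text):
    """Classify a version string as 'patched', 'unpatched' or 'unknown'."""
    key = parse(text)
    series = key[0][:2]
    if series in PATCHED:
        return "patched" if key >= parse(PATCHED[series]) else "unpatched"
    if series > max(PATCHED):
        return "patched"  # assumption: later series include the fix
    return "unknown"      # series older than 0.2 is not covered by the comment


if __name__ == "__main__":
    # Constructed sample inputs, not real scan output.
    for sample in ("slirp4netns version 0.3.1", "v0.4.0-beta.2",
                   "v0.4.0-beta.3", "0.2.3", "0.1.0"):
        print("%-28s %s" % (sample, status(sample)))
```
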