by csmpltn
1535 days ago
> "Genuinely, would you be happy with just container isolation between you and other customers of your cloud provider? Most people absolutely would not."

But that's exactly how VPS hosting works today - you don't get your own private blade unless you're ready to pay premium prices and have the competence needed to run them yourself. The technicalities of how private resources in a VPS are isolated from each other will differ, but the concept remains the same nonetheless. People bite the bullet, only to be subject to things like rowhammer [1], or other container escape scenarios [2]. The top comment in this thread reflects the proper way of dealing with this: containers or sandboxes may not be treated as a secure boundary.

[1] https://www.usenix.org/conference/usenixsecurity16/technical...

[2] https://www.intezer.com/blog/research/how-we-escaped-docker-...