Y
Hacker News
new
|
ask
|
show
|
jobs
by
cpach
39 days ago
That might make Copy Fail harder to exploit, but I still wouldn’t bet money on CF being impossible to use in that scenario.
1 comments
grimblee
39 days ago
Since in --userns=auto, root inside the container gets assigned to the first uid of the uid range assigned by podman, copyfail would succeed but you'd get uid 647831 and be able to do nothing with it
link