Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 10 Aug 2016 15:00:09 -0400 (EDT)
From: CAI Qian <caiqian@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: cve request: systemd-machined: information
 exposure for docker containers



----- Original Message -----
> From: "Daniel J Walsh" <dwalsh@...hat.com>
> To: oss-security@...ts.openwall.com
> Sent: Wednesday, August 3, 2016 3:27:00 AM
> Subject: Re: [oss-security] cve request: systemd-machined: information exposure for docker containers
> 
> 
> 
> On 08/01/2016 12:24 PM, Shiz wrote:
> >> On 28 Jul 2016, at 16:42, Simon McVittie <smcv@...ian.org> wrote:
> >>
> >> *Which* unprivileged user processes?
> >>
> >> If the unprivileged user processes are not in a container, they can get a
> >> significant amount of the same information by reading the host's /proc.
> > Except if a host is running with hidepid={1,2}, which is not entirely
> > uncommon
> > especially in hardened systems. In that regard it /does/ qualify as
> > infoleak.
> >
> > - Shiz
> Then simply rpm -e oci-register-machine
> 
Except people can't do that in OSes like atomic host.
   CAI Qian

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ