Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 10 Aug 2016 15:04:50 -0400
From: Daniel J Walsh <dwalsh@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: cve request: systemd-machined: information
 exposure for docker containers



On 08/10/2016 03:00 PM, CAI Qian wrote:
>
> ----- Original Message -----
>> From: "Daniel J Walsh" <dwalsh@...hat.com>
>> To: oss-security@...ts.openwall.com
>> Sent: Wednesday, August 3, 2016 3:27:00 AM
>> Subject: Re: [oss-security] cve request: systemd-machined: information exposure for docker containers
>>
>>
>>
>> On 08/01/2016 12:24 PM, Shiz wrote:
>>>> On 28 Jul 2016, at 16:42, Simon McVittie <smcv@...ian.org> wrote:
>>>>
>>>> *Which* unprivileged user processes?
>>>>
>>>> If the unprivileged user processes are not in a container, they can get a
>>>> significant amount of the same information by reading the host's /proc.
>>> Except if a host is running with hidepid={1,2}, which is not entirely
>>> uncommon
>>> especially in hardened systems. In that regard it /does/ qualify as
>>> infoleak.
>>>
>>> - Shiz
>> Then simply rpm -e oci-register-machine
>>
> Except people can't do that in OSes like atomic host.
>    CAI Qian
But people do not tend to have non privileged users logged into atomic host.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.