Problematic Privileges | TechSNAP 407b
TechSNAP Video
English - July 22, 2019 01:05 - 218 MB Video
Wes takes a quick look at a container escape proof-of-concept and reviews Docker security best practices.
Links:
Understanding Docker container escapes | Trail of Bits Blog — Linux cgroups are one of the mechanisms by which Docker isolates containers. The PoC abuses the functionality of the notify_on_release.
Felix Wilhelm on Twitter — Quick and dirty way to get out of a privileged k8s pod or docker container by using cgroups release_agent feature.