https://archive.ph/QbCPt :

2019-11-21 | Update Docker: Fun bug involving file paths and shared libraries turns out to be a security hole • The Register

"If one of those files is a symlink, it might inadvertently be resolved under the host root."

Essentially, this is something developers and other folks using Docker containers just need to be aware of rather than panic over: it can't be exploited remotely over a network, or similar.

"When root is not strictly needed, I highly recommend running containers as a non-root user," the researcher explained.

The container also needs to be run as a root user, which is the default.

Miscreants can potentially hijack Docker users' computers by tricking them into running malicious containers and waiting for them to kick off a simple copy command – thanks to a critical flaw.


This has been an automated message.