
This is very interesting, because most Docker breakouts I see are exploits in the Linux kernel, but this is one of the few in the containerization components themselves (first one I remember in runC).


Definitely not the first. There was one with leaking file descriptors which weren't opened with O_CLOEXEC.

Another with ptrace (fixed by making the process non-dumpable).
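The two mitigations named in the replies above (close-on-exec on descriptors, and a non-dumpable process), as an added example that is not part of the thread and is not runC's code. It applies both to a generic Linux process; the function names and the `SCAN_CAP` bound are assumptions made for this sketch.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <unistd.h>

/* Assumption: the scan is capped at SCAN_CAP descriptors to bound runtime. */
#define SCAN_CAP 65536

/* Upper bound for the scan: the soft RLIMIT_NOFILE, capped at SCAN_CAP. */
static int scan_limit(void) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0 || rl.rlim_cur > SCAN_CAP)
        return SCAN_CAP;
    return (int)rl.rlim_cur;
}

/* Set FD_CLOEXEC on every open descriptor >= min_fd that lacks it.
 * Returns how many descriptors would otherwise have survived execve(). */
int harden_inherited_fds(int min_fd) {
    int fixed = 0, limit = scan_limit();
    for (int fd = min_fd; fd < limit; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags == -1 || (flags & FD_CLOEXEC))
            continue;  /* not open (EBADF) or already close-on-exec */
        if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == 0) {
            fprintf(stderr, "fd %d was inheritable, set FD_CLOEXEC\n", fd);
            fixed++;
        }
    }
    return fixed;
}

/* Clear the dumpable flag so an unprivileged process cannot attach to this
 * one with ptrace. Returns the resulting flag (0 on success), -1 on error. */
int make_non_dumpable(void) {
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

int main(void) {
    int fd = open("/dev/null", O_RDONLY);  /* constructed: no O_CLOEXEC */
    int fixed = harden_inherited_fds(3);
    printf("hardened %d fd(s), dumpable=%d\n", fixed, make_non_dumpable());
    if (fd >= 0) close(fd);
    return 0;
}
```

Opening descriptors with `O_CLOEXEC` in the first place avoids the window between `open()` and the later `fcntl()` call that a retroactive sweep like this leaves.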



