
Problematic Privileges | TechSNAP 407b
July 22, 2019
Show Notes
Wes takes a quick look at a container escape proof-of-concept and reviews Docker security best practices.
Links:
- Understanding Docker container escapes | Trail of Bits Blog — Linux cgroups are one of the mechanisms by which Docker isolates containers. The PoC abuses the functionality of the notify_on_release.
- Felix Wilhelm on Twitter — Quick and dirty way to get out of a privileged k8s pod or docker container by using cgroups release_agent feature.