|
Message-ID: <095c337c-63af-ecdd-866a-9d1918e4bfac@redhat.com> Date: Wed, 10 Aug 2016 15:04:50 -0400 From: Daniel J Walsh <dwalsh@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: cve request: systemd-machined: information exposure for docker containers On 08/10/2016 03:00 PM, CAI Qian wrote: > > ----- Original Message ----- >> From: "Daniel J Walsh" <dwalsh@...hat.com> >> To: oss-security@...ts.openwall.com >> Sent: Wednesday, August 3, 2016 3:27:00 AM >> Subject: Re: [oss-security] cve request: systemd-machined: information exposure for docker containers >> >> >> >> On 08/01/2016 12:24 PM, Shiz wrote: >>>> On 28 Jul 2016, at 16:42, Simon McVittie <smcv@...ian.org> wrote: >>>> >>>> *Which* unprivileged user processes? >>>> >>>> If the unprivileged user processes are not in a container, they can get a >>>> significant amount of the same information by reading the host's /proc. >>> Except if a host is running with hidepid={1,2}, which is not entirely >>> uncommon >>> especially in hardened systems. In that regard it /does/ qualify as >>> infoleak. >>> >>> - Shiz >> Then simply rpm -e oci-register-machine >> > Except people can't do that in OSes like atomic host. > CAI Qian But people do not tend to have non privileged users logged into atomic host.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.