oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: cve request: systemd-machined: information exposure for docker containers

From: CAI Qian <caiqian () redhat com>
Date: Wed, 10 Aug 2016 15:00:09 -0400 (EDT)


----- Original Message -----

From: "Daniel J Walsh" <dwalsh () redhat com>
To: oss-security () lists openwall com
Sent: Wednesday, August 3, 2016 3:27:00 AM
Subject: Re: [oss-security] cve request: systemd-machined: information exposure for docker containers



On 08/01/2016 12:24 PM, Shiz wrote:

On 28 Jul 2016, at 16:42, Simon McVittie <smcv () debian org> wrote:

*Which* unprivileged user processes?

If the unprivileged user processes are not in a container, they can get a
significant amount of the same information by reading the host's /proc.

Except if a host is running with hidepid={1,2}, which is not entirely
uncommon
especially in hardened systems. In that regard it /does/ qualify as
infoleak.

- Shiz

Then simply rpm -e oci-register-machine


Except people can't do that in OSes like atomic host.
   CAI Qian
Previous By Date Next
Previous By Thread Next

Current thread: