oss-sec mailing list archives
Re: cve request: systemd-machined: information exposure for docker containers
From: CAI Qian <caiqian () redhat com>
Date: Wed, 10 Aug 2016 15:00:09 -0400 (EDT)
----- Original Message -----
From: "Daniel J Walsh" <dwalsh () redhat com> To: oss-security () lists openwall com Sent: Wednesday, August 3, 2016 3:27:00 AM Subject: Re: [oss-security] cve request: systemd-machined: information exposure for docker containers On 08/01/2016 12:24 PM, Shiz wrote:On 28 Jul 2016, at 16:42, Simon McVittie <smcv () debian org> wrote: *Which* unprivileged user processes? If the unprivileged user processes are not in a container, they can get a significant amount of the same information by reading the host's /proc.Except if a host is running with hidepid={1,2}, which is not entirely uncommon especially in hardened systems. In that regard it /does/ qualify as infoleak. - ShizThen simply rpm -e oci-register-machine
Except people can't do that in OSes like atomic host. CAI Qian
Current thread:
- Re: Re: cve request: systemd-machined: information exposure for docker containers, (continued)
- Re: Re: cve request: systemd-machined: information exposure for docker containers Christian Rebischke (Jul 27)
- Re: Re: cve request: systemd-machined: information exposure for docker containers Daniel J Walsh (Jul 27)
- Re: Re: cve request: systemd-machined: information exposure for docker containers Christian Rebischke (Jul 27)
- Re: cve request: systemd-machined: information exposure for docker containers Jesse Hertz (Jul 27)
- Re: cve request: systemd-machined: information exposure for docker containers Jessica Frazelle (Jul 27)
- Re: cve request: systemd-machined: information exposure for docker containers Daniel J Walsh (Jul 28)
- Re: cve request: systemd-machined: information exposure for docker containers Simon McVittie (Jul 28)
- Re: cve request: systemd-machined: information exposure for docker containers Daniel J Walsh (Jul 28)
- Re: cve request: systemd-machined: information exposure for docker containers Shiz (Aug 01)
- Re: cve request: systemd-machined: information exposure for docker containers Daniel J Walsh (Aug 03)
- Re: cve request: systemd-machined: information exposure for docker containers CAI Qian (Aug 10)
- Re: cve request: systemd-machined: information exposure for docker containers Daniel J Walsh (Aug 10)
- Re: Re: cve request: systemd-machined: information exposure for docker containers Christian Rebischke (Jul 27)