FYI: I had tried this exploit with rootless podman containers to write to read-only mounts, but the exploit failed. I am not sure if the default container runtime in Podman is resistant against these attacks or if it assumes Docker running containers with higher privileges, but at least it was a pleasant observation. (kernel 6.18)
by AlfieJones
2 subcomments
It feels like AI is speeding up bug discovery faster than security can keep up. Curious if this is temporary or just the new normal.
by louwrentius
3 subcomments
Maybe I’m missing something but because of this kind of risk, an old fashioned virtual machine feels like a more robust security boundary.
Hacker News