On Friday, 31 May 2019 4:46:08 PM AEST Salvatore Bonaccorso wrote:
> The following vulnerabilities were published for rkt.
>
> CVE-2019-10144[0]:
> rkt: processes run with `rkt enter` are given all capabilities during stage
> 2
>
> CVE-2019-10145[1]:
> processes run with rkt enter do not have seccomp filtering during stage 2
>
> CVE-2019-10147[2]:
> processes run with rkt enter are not limited by cgroups during stage 2

I do not understand how this is a vulnerability. rkt enter is an interactive root-only command (requires sudo or root access). IMHO an interactive root session started by an admin (e.g. to enter a container for inspection, etc.) should not be restricted.

-- 
Best wishes,
 Dmitry Smirnov.

---

Lying is, almost by definition, a refusal to cooperate with others. It condenses a lack of trust and trustworthiness into a single act. It is both a failure of understanding and an unwillingness to be understood. To lie is to recoil from relationship.
        -- Sam Harris
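Added example, not part of the original message and not rkt code: a Python check for the three properties named in the quoted CVEs (effective capabilities, seccomp mode, cgroup membership), comparing a reference process with a second process using the contents of `/proc/<pid>/status` and `/proc/<pid>/cgroup`. The sample file contents and the function names are constructed for illustration.

```python
# Constructed /proc/<pid>/status and /proc/<pid>/cgroup samples (not captured from rkt).
APP_STATUS = "Name:\tapp\nCapEff:\t00000000a80425fb\nSeccomp:\t2\n"
ENTERED_STATUS = "Name:\tsh\nCapEff:\t0000003fffffffff\nSeccomp:\t0\n"
APP_CGROUP = "4:memory:/machine.slice/pod-example.scope/app\n3:pids:/machine.slice/pod-example.scope/app\n"
ENTERED_CGROUP = "4:memory:/user.slice/session-1.scope\n3:pids:/user.slice/session-1.scope\n"


def parse_status(text):
    """Return the 'Key: value' fields of a /proc/<pid>/status file as a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def parse_cgroup(text):
    """Map controller list -> cgroup path from 'id:controllers:path' lines."""
    paths = {}
    for line in text.splitlines():
        parts = line.split(":", 2)
        if len(parts) == 3:
            paths[parts[1]] = parts[2]
    return paths


def isolation_gaps(ref_status, ref_cgroup, other_status, other_cgroup):
    """List the restrictions the reference process has and the other lacks."""
    ref, other = parse_status(ref_status), parse_status(other_status)
    gaps = []
    # CapEff is a hex bitmask; any bit set only in `other` is an extra capability.
    if int(other["CapEff"], 16) & ~int(ref["CapEff"], 16):
        gaps.append("capabilities")
    # Seccomp: 0 = disabled, 1 = strict, 2 = filter.
    if ref.get("Seccomp", "0") != "0" and other.get("Seccomp", "0") == "0":
        gaps.append("seccomp")
    # Different cgroup paths mean the reference's resource limits do not apply.
    ref_cg, other_cg = parse_cgroup(ref_cgroup), parse_cgroup(other_cgroup)
    if any(other_cg.get(ctrl) != path for ctrl, path in ref_cg.items()):
        gaps.append("cgroups")
    return gaps


if __name__ == "__main__":
    print(isolation_gaps(APP_STATUS, APP_CGROUP, ENTERED_STATUS, ENTERED_CGROUP))
```

On a live host, pass the text of `/proc/<pid>/status` and `/proc/<pid>/cgroup` for the container's application process as the reference and for the process under inspection as the other.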