Problematic Privileges
July 22nd, 2019
7 mins 14 secs
Tags
About this Episode
Wes takes a quick look at a container escape proof-of-concept and reviews Docker security best practices.
Episode Links
- Understanding Docker container escapes | Trail of Bits Blog — Linux cgroups are one of the mechanisms by which Docker isolates containers. The PoC abuses the functionality of the notify_on_release.
- Felix Wilhelm on Twitter — Quick and dirty way to get out of a privileged k8s pod or docker container by using cgroups release_agent feature.