Problematic Privileges - Listen - TechSNAP

Problematic Privileges

Listen now

Description

Wes takes a quick look at a container escape proof-of-concept and reviews Docker security best practices. Links: Understanding Docker container escapes | Trail of Bits Blog — Linux cgroups are one of the mechanisms by which Docker isolates containers. The PoC abuses the functionality of the notify_on_release.Felix Wilhelm on Twitter — Quick and dirty way to get out of a privileged k8s pod or docker container by using cgroups release_agent feature.

More Episodes

See all »

430: All Good Things

It's a storage showdown as Jim and Wes bust some performance myths about RAID and ZFS. Plus our favorite features from Fedora 32, and why Wes loves DNF. Links: What's new in Fedora 32 Workstation Fedora 32 ChangeSet Linux distro review: Fedora Workstation 32 TechSNAP 428: RAID Reality Check ZFS...

Published 05/29/20

429: Curious About Caddy

Jim and Wes take the latest release of the Caddy web server for a spin, investigate Intel's Comet Lake desktop CPUs, and explore the fight over 5G between the US Military and the FCC. Links: Caddy offers TLS, HTTPS, and more in one dependency-free Go Web server Caddy 2 Caddy v2 Improvements...

Published 05/15/20

428: RAID Reality Check

We dive deep into the world of RAID, and discuss how to choose the right topology to optimize performance and resilience. Plus Cloudflare steps up its campaign to secure BGP, and why you might want to trade in cron for systemd timers. Links: AMD Claims World’s Fastest Per-Core Performance with...

Published 05/01/20