TechSNAP

Systems, Network, and Administration Podcast. Every two weeks TechSNAP covers the stories that impact those of us in the tech industry, and all of us that follow it. Every episode we dedicate a portion of the show to answering audience questions, discussing best practices, and solving your problems.

https://techsnap.systems

Problematic Privileges


Wes takes a quick look at a container escape proof-of-concept and reviews Docker security best practices.

Links:

  • Understanding Docker container escapes | Trail of Bits Blog — Linux cgroups are one of the mechanisms by which Docker isolates containers. The PoC abuses the functionality of the notify_on_release.
  • Felix Wilhelm on Twitter — Quick and dirty way to get out of a privileged k8s pod or docker container by using cgroups release_agent feature.


 July 22, 2019  7m