
Doomsday Docker security hole uncovered


One of the great security fears about containers is that an attacker could infect a container with a malicious program, which could escape and attack the host system. Well, we now have a security hole that could be used by such an attack: the runC container breakout, CVE-2019-5736. RunC is the underlying container runtime for Docker, Kubernetes, and other container-dependent programs. Chances are, if you're using containers, you're running them on runC. According to Aleksa Sarai, a SUSE container senior software engineer and a runC maintainer, security researchers Adam Iwaniuk and Borys Popławski discovered a vulnerability, which "allows a malicious container to (with minimal user interaction) overwrite the host runc binary and thus gain root-level code execution on the host. The level of user interaction is being able to run any command (it doesn't matter if the command is not attacker-controlled) as root."

Docker runc flaw opens the door to a 'Doomsday scenario'


Aleksa Sarai, a senior software engineer at SUSE Linux GmbH, has disclosed a serious vulnerability, tracked as CVE-2019-5736, affecting runc, the default container runtime for Docker, containerd, Podman, and CRI-O. The vulnerability was discovered by the security researchers Adam Iwaniuk and Borys Popławski. "The disclosure of a security flaw (CVE-2019-5736) in runc and docker illustrates a bad scenario for many IT administrators, managers, and CxOs," reads a blog post. "While there are very few incidents that could qualify as a doomsday scenario for enterprise IT, a cascading set of exploits affecting a wide range of interconnected production systems qualifies…and that's exactly what this vulnerability represents." "The vulnerability allows a malicious container to (with minimal user interaction) overwrite the host runc binary and thus gain root-level code execution on the host," Sarai wrote in a post to the OpenWall mailing list.

Container adoption is on the rise: How can security keep up?


Adopting containers has become increasingly popular -- consider that, as of 2019, 33% of global developers indicated that their development organizations currently use containers, and another 25% said they want to do so over the next 12 months. These numbers are not surprising when we consider the value containers offer, such as scalability, agility, and cost reduction. The allure of containers, however, is largely to the benefit of the DevOps side of the house. Security pros are brought in later and left with the suboptimal task of applying existing tools and traditional security mindsets to secure containers -- and discovering that those are ill-equipped for the task.

Kata Containers rewritten in Rust gets a major speed boost


Kata Containers united Intel Clear Containers with Hyper's runV. The goal was to combine the security advantages of virtual machines (VMs) with the speed and manageability of container technologies. Kata provides container isolation and security without the overhead of running containers inside a VM. Usually, containers are run in VMs for security, but that removes some of the advantages of using containers with their small resource footprint. Kata containers, however, can run on bare metal.

This 22-piece Pyrex set is ridiculously cheap right now for Black Friday 2020

USATODAY - Tech Top Stories

This Kohl's deal on this top-rated Pyrex set is too good to skip. Purchases you make through our links may earn us a commission. With the holidays coming up, you'll want to be sure you have the right supplies on hand to ensure that none of your festive leftovers go to waste. The best food storage containers can make everything, from food prep to cleanup, feel like less of a hassle, and right now, there's a Pyrex 22-piece glass collection on sale at Kohl's that just so happens to fit the bill. It's exactly the kind of Black Friday 2020 offer you don't want to miss.