new container escape vulnerability just dropped (specific to flatpak): https://www.openwall.com/lists/oss-security/2024/04/18/5
it’s because flatpak is a shim on top of bwrap, and they forgot to use a — to stop getopt processing.
guess which other container ecosystem is a pile of shims on shims? 🙃
Ariadne Conill 🐰:therian: /
npub1lx…zhll9
2024-05-05 18:07:40
Author Public Key
npub1lxcygzft450wuzz3kh9xg7vnm25fsd668wgse0u334r65n8u9yksqzhll9Seen on
wss://relay.primal.netPublished at
2024-05-05 18:07:40Event JSON
{
"id": "7de0578f71e6b48158b8983f24f82b5fee17e51f3c526f6e2c586c135d923653",
"pubkey": "f9b044092bad1eee0851b5ca647993daa898375a3b910cbf918d47aa4cfc292d",
"created_at": 1714932460,
"kind": 1,
"tags": [
[
"proxy",
"https://social.treehouse.systems/@ariadne/112389813741711973",
"web"
],
[
"proxy",
"https://social.treehouse.systems/users/ariadne/statuses/112389813741711973",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://social.treehouse.systems/users/ariadne/statuses/112389813741711973",
"pink.momostr"
]
],
"content": "new container escape vulnerability just dropped (specific to flatpak): https://www.openwall.com/lists/oss-security/2024/04/18/5\n\nit’s because flatpak is a shim on top of bwrap, and they forgot to use a — to stop getopt processing.\n\nguess which other container ecosystem is a pile of shims on shims? 🙃",
"sig": "129f190da751ae89b295f3a5c1c53797cbb6fc23905215c047a41e5ed250f4e1bf585cd03877421145a87a4091e3e3c7d91fcef6fe5113a135034dc4c45fdc6f"
}