New Linux glibc flaw lets attackers get root on major distros
https://www.bleepingcomputer.com/news/security/new-linux-glibc-flaw-lets-attackers-get-root-on-major-distros/
Bugs like this are why I *never* consider Docker, Kubernetes, and other containerization tools to be sufficient for running untrusted code, or to keep different customers separated. They are *not* security features. They make development and deployment easier and more predictable and that's *it*.
If you actually want or expect isolation, nothing less than a virtual machine is acceptable.
r000t /
npub1x6…755fc
2024-01-31 04:15:05
Author Public Key
npub1x6r0l6sje94sx9p5r2tp0908dx4xqapmzz02e0m5x88cfceqpmws8755fcPublished at
2024-01-31 04:15:05Event JSON
{
"id": "227b32527ffb36f1a3c1b92b5f3436ebdbc72b962468c75ba12ccf622879320b",
"pubkey": "3686ffea12c96b0314341a961795e769aa60743b109eacbf7431cf84e3200edd",
"created_at": 1706674505,
"kind": 1,
"tags": [
[
"proxy",
"https://fosstodon.org/users/r000t/statuses/111848620403039056",
"activitypub"
]
],
"content": "New Linux glibc flaw lets attackers get root on major distros\n\nhttps://www.bleepingcomputer.com/news/security/new-linux-glibc-flaw-lets-attackers-get-root-on-major-distros/\n\nBugs like this are why I *never* consider Docker, Kubernetes, and other containerization tools to be sufficient for running untrusted code, or to keep different customers separated. They are *not* security features. They make development and deployment easier and more predictable and that's *it*. \n\nIf you actually want or expect isolation, nothing less than a virtual machine is acceptable.",
"sig": "8d39e117bc28effaff3777171cfc4b7dede62beab506f61eaa2fc5f015a7a5bb264fe11f38f1c5d3b6f24409fbb7f4c08524ad676d083afccfa09ddd926e81e1"
}