Three newly disclosed vulnerabilities in the runC container runtime used in Docker and Kubernetes could be exploited to ...

Fortunately, there are currently no reports of any of the three bugs being actively abused in the wild, and runC developers ...

Aliases are another great choice, both inside and outside a container. You can map Docker aliases on your host or map service ...

此次 runC 漏洞的曝光，再次警示我们，在拥抱云原生技术的同时，必须高度重视容器安全。 容器逃逸漏洞的出现，不仅威胁到单个容器的安全性，更可能影响到整个宿主机乃至云环境的稳定和安全。 随着云原生技术的不断发展，容器安全将成为一个长期而艰巨的挑战。 开发者和运维人员需要不断学习和掌握最新的安全技术，及时更新和维护系统，并采取有效的安全措施，才能确保云原生环境的安全可靠运行。

这三个漏洞的核心攻击方式均与 Linux 系统的文件挂载机制有关。攻击者可在容器启动的瞬间，通过竞争条件（Race Condition）或预设的符号链接（symlink），欺骗 runC 将宿主机上的敏感路径（如 / proc 目录下的文件）以可写方式挂载到容器内部。

What makes this important, even vital, news to the larger world of system administrators, datacenter managers, and cloud architects, is that Google, Red Hat, and Parallels are now helping build the ...

The flaws let attackers abuse masked paths, console bind-mounts, and redirected writes to escape containers and gain host ...

If you had any doubts about just how popular Docker's containers are, the news that VMware is partnering with Docker, Google, and Pivotal to integrate Docker containers into VMware's virtualization ...

Security researchers have found several alarming security flaws in tooling used by containerization tool Docker that allows ...

Cisco Talos' discovery that the Alpine Linux distribution Docker image came with a blank root password (CVE-2019-5021) led to the discovery that 194 of the top 1000 most popular Docker containers also ...