back to article Google Project Zero zeroes in on Google project: Security hole spotted in gVisor sandbox fence

Google's gVisor sandboxed kernel had a bug that would allow an attacker to escape their container and overwrite files in the host filesystem – according to Google Project Zero's Jann Horn. Horn popped his advisory up once Google's open-source folk posted fixes for the software at its GitHub repository. The high-severity bug, …

  1. Bronek Kozicki Silver badge

    This is good bug hunting

    n/t

    1. Charlie Clark Silver badge

      Re: This is good bug hunting

      Indeed. Of course, the real proof will be when someone finds a bug and Google doesn't find a fix or workaround within the 90 day window.

  2. Kevin McMurtrie Silver badge

    Security where they want it

    How about checking up on Google Groups, which has probably generated trillions of Usenet and email spams in the past decade due to feature abuse vulnerabilities? I have part of GMail blacklisted right now because Groups can be tricked into creating subscriptions for arbitrary e-mail addresses. I reported it and Google said it's not a security bug.

    1. Charlie Clark Silver badge

      Re: Security where they want it

      I have only two groups but have so far found the spam protection pretty good. One group requires moderation by first time posters, the other one you just need to be registered. I get occasional spam reports for the stuff that Google thinks is probably spam and it usually is. Funny thing was last week that my own e-mails were suspected, probably due to being on an anonymous VPN at the time.

      But I guess volume may depend on the subject. If in doubt, however, enable moderation of posters.

      NB. this has nothing really to do with software security.

      1. Kevin McMurtrie Silver badge

        Re: Security where they want it

        Google filters out their own spam when they display Google Groups but lets it all flow out to their peers. Last the I used Usenet, popular topics were each getting 100 to 5000 spams a day from Chinese crime gangs scripting Google Groups. There's a new hack to make Groups work like a mailing list. Google knows about it but doesn't care.

  3. Nicko
    Facepalm

    Can't really blame Google Groups...

    ...if a lazy group owner/administrator doesn't set up verified membership checking...

    I'm a moderator of a reasonably popular group (over 1,000 members, been going 10 years on Google and on Yahoo! before), and we get almost no spam. Probably had one bit in the last 5 years or so.

    If you create a phpBB forum and don't moderate new member applications because you're useless, would you blame phpBB for that?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020