Docker user? Haven't patched Dirty COW yet? Got bad news for you

Here's another reason to pay attention to patching your Linux systems against the Dirty COW vulnerability: it can be used to escape Docker containers. That news comes from Paranoid Software's Gabriel Lawrence, who describes the escape here. Dirty COW is a race condition in Linux arising from how Copy-On-Write (the COW in the …

  1. Ragarath

    But...

    Containers mean everything is separated right? Nothing can escape is what we were told.

    1. temporial

      Re: But...

      :), there should be a small asterisk at the end of container advertising.

    2. Anonymous Coward

      Re: But...

      We were told the same thing about VMs and sandboxes. It wasn't true for them, why would anyone trust the claim for containers?

      1. Ragarath

        Re: But...

        Sorry needed a sarcasm icon. :)

    3. Anonymous Coward

      Re: But...

      "Containers mean everything is separated right?"

      Virtually separated, yes.

  2. Anonymous Coward

    If it is software

    It can be tricked.

  3. streaky
    Holmes

    Er..

    See icon.

  4. Tim Brown 1
    Holmes

    I told you so...

    When all the hype about Docker started I had a look at it and timely security updates was something that put me off the whole thing. That and the layer upon layer of the filesystem structure with seemingly no easy way to merge redundant layers was frankly a little psychotic (it may be better now, I haven't checked).

  5. ranio1
    Linux

    A step-by-step explanation of how it affects containers

    Our security team blogged about this today with some examples of how DirtyCOW enables containers to write to read-only mounts: http://blog.aquasec.com/dirty-cow-vulnerability-impact-on-containers
