Docker user? Haven't patched Dirty COW yet? Got bad news for you (theregister.co.uk) 9 points by nwrk 9y ago ↗ HN
[–] gtjay 9y ago ↗ As I've discused before, seccomp can block ptrace and thus this VDSO-based attack (and currently does by default in some distros). Shameless self-link to that post:https://medium.com/@gtrevorjay/consider-containers-a-case-st...Containers are not a security panacea. However, it is equally erroneous to say they don't add layers to defense-in-depth.
1 comment
[ 2.8 ms ] story [ 26.4 ms ] threadhttps://medium.com/@gtrevorjay/consider-containers-a-case-st...
Containers are not a security panacea. However, it is equally erroneous to say they don't add layers to defense-in-depth.