Re: [PLUG] runc/docker hole

On Tue, Feb 12, 2019 at 07:47:34AM -0500, jeff wrote:
> How bad is this? As bad as you can imagine. Scott McCarty, Red Hat technical
> product manager for containers, warned:

We were warned -- in no uncertain terms -- about this over a decade ago:

	"You are absolutely deluded, if not stupid, if you think that
	a worldwide collection of software engineers who can't write
	operating systems or applications without security holes,
	can then turn around and suddenly write virtualization layers
	without security holes."

		--- Theo de Raadt, on the statement "Virtualization seems
		to have a lot of security benefits",
		October 23, 2007

(Yes, I've kept that quote handy all this time.  Both as a reminder to
myself and as something I introduce into every conversation where
someone asserts that virtualization implies security.)

What should worry everyone is not this virtualization security hole.
What should worry everyone are all the *other* virtualization security
holes that people are keeping to themselves because they're busy
exploiting them.

