Rich Kulawiec on 12 Feb 2019 14:43:41 -0800



Re: [PLUG] runc/docker hole


On Tue, Feb 12, 2019 at 07:47:34AM -0500, jeff wrote:
> How bad is this? As bad as you can imagine. Scott McCarty, Red Hat technical
> product manager for containers, warned:

We were warned -- in no uncertain terms -- about this over a decade ago:

	"You are absolutely deluded, if not stupid, if you think that
	a worldwide collection of software engineers who can't write
	operating systems or applications without security holes,
	can then turn around and suddenly write virtualization layers
	without security holes."

		--- Theo de Raadt, on the statement "Virtualization seems
		to have a lot of security benefits", misc@openbsd.org,
		October 23, 2007

(Yes, I've kept that quote handy all this time.  Both as a reminder to
myself and as something I introduce into every conversation where
someone asserts that virtualization implies security.)

What should worry everyone is not this virtualization security hole.
What should worry everyone are all the *other* virtualization security
holes that people are keeping to themselves because they're busy
exploiting them.

---rsk
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug