Rich Kulawiec on 12 Feb 2019 14:43:41 -0800
Re: [PLUG] runc/docker hole

On Tue, Feb 12, 2019 at 07:47:34AM -0500, jeff wrote:
> How bad is this? As bad as you can imagine. Scott McCarty, Red Hat technical
> product manager for containers, warned:

We were warned -- in no uncertain terms -- about this over a decade ago:

    "You are absolutely deluded, if not stupid, if you think that a
    worldwide collection of software engineers who can't write operating
    systems or applications without security holes, can then turn around
    and suddenly write virtualization layers without security holes."

    --- Theo De Raadt, on the statement "Virtualization seems to have
    a lot of security benefits", misc@openbsd.org, October 23, 2007

(Yes, I've kept that quote handy all this time. Both as a reminder to
myself and as something I introduce into every conversation where someone
asserts that virtualization implies security.)

What should worry everyone is not this virtualization security hole.
What should worry everyone are all the *other* virtualization security
holes that people are keeping to themselves because they're busy
exploiting them.

---rsk
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug