On Sun, Jun 02, 2019 at 08:12:50AM +1000, Dmitry Smirnov wrote:
> On Friday, 31 May 2019 4:46:08 PM AEST Salvatore Bonaccorso wrote:
> > The following vulnerabilities were published for rkt.
> >
> > CVE-2019-10144[0]:
> > rkt: processes run with `rkt enter` are given all capabilities during stage
> > 2
> >
> > CVE-2019-10145[1]:
> > processes run with rkt enter do not have seccomp filtering during stage 2
> >
> > CVE-2019-10147[2]:
> > processes run with rkt enter are not limited by cgroups during stage 2
>
> I do not understand how this is a vulnerability. rkt enter is an interactive
> root-only command (requires sudo or root access). IMHO interactive root
> session started by admin (e.g. to enter container for inspection, etc.)
> should not be restricted.

Well, see
https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/,
the claim is that this allows an attacker with root in the rkt container to
execute code with root permissions on the host.

Cheers,
Moritz