Wes 🇵🇸 on Twitter: "This bug is made worse by the fact that docker does not use a least privilege design, and requires ambient authority to do anything period (as root!) https://t.co/QwuJtLXQ4K" / Twitter

This bug is made worse by the fact that docker does not use a least privilege design, and requires ambient authority to do anything period (as root!)

Quote Tweet

Dimitrios Slamaris

@dim0x69

May 28, 2019

CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack seclists.org/oss-sec/2019/q

3:35 PM · May 29, 2019Twitter for Android

Replying to

podman by

is least privilege friendly in that containers are forks from the user who executes podman (non-daemon implementation), rather than children of the privileged docker daemon. Available since RHEL/CentOS ( #AndProbOthers ) late-v7 and made *really* easy in RHEL8

1

Conversation