CVE-2019-5736 runc: Execution of malicious containers allows for container escape and access to host filesystem

oracle / railcar

RailCar: Rust implementation of the Open Containers Initiative oci-runtime

Other

1.12k stars 101 forks source link

CVE-2019-5736 runc: Execution of malicious containers allows for container escape and access to host filesystem #45

Open bruceg opened 5 years ago

bruceg commented 5 years ago

Is railcar vulnerable to this exploit? I tried using the docker-based exploit, but it requires the use of the "railcar exec" command, which is not yet implemented. Does that mean it is not possible to exploit it with railcar?

ref: https://nvd.nist.gov/vuln/detail/CVE-2019-5736

delandtj commented 5 years ago

that does it mean indeed... OTOH.. it's pity that Vish stopped working on that :'( toy