While debugging an issue relating to /proc being a symlink to /proc, I noticed that there was a potential vulnerability around runc's expectation of /proc's legitimacy.
Upon digging into it, it turned out they already fixed the bug, in this commit: https://github.com/opencontainers/runc/commit/d463f6485b809b5ea738f84e05ff5b456058a184
And it was actually part of vulnerability CVE-2019-16884, for which they released v1.0.0-rc9. So we should really bump runc to not be vulnerable to this anymore.
At least we're not in production yet...