It's a local vulnerability at least. How many people do you let log in to your router? With t...

SoftTalker • yesterday at 6:42 PM • 4 replies • view on HN

It's a local vulnerability at least. How many people do you let log in to your router?

With the way linux is used these days, I'd guess the number of systems with untrusted local users is pretty limited. Even with shared hosting, you generally have root in your VM or container anyway. Unless this enables an escape from that?

Still the risk that people who run "curl | bash" without care could get bitten, but usually its "curl | sudo bash" anyway...

Replies

sgbeal • yesterday at 6:54 PM

> Even with shared hosting, you generally have root in your VM or container

Lots of shared hosters don't use VMs or containers. It's some arbitrary number of people logging in to a shared system, each one with a home directory under /home/THE_USER_NAME. i've had several such hosters over the years (thankfully not right now, though).

sjpb • yesterday at 7:54 PM

> With the way linux is used these days, I'd guess the number of systems with untrusted local users is pretty limited

Things like HPC clusters are multiuser & don't entirely trust their users. If they did we wouldn't need users/groups/permissions etc in the first place.

➕ show 1 reply

dist-epoch • yesterday at 7:07 PM

With this exploit it's trivial to jump from one container to another neighbor container. I've tried it and succeeded.

So containers don't protect you, only a VM.

➕ show 2 replies

michaelmrose • yesterday at 7:00 PM

Local root is part of the path to escaping

alt Hacker News

Replies