Hello, welcome to the Tuesday, February 12, 2019 edition of the Santernet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

If you're using Docker, be aware a major vulnerability was announced in Docker that allows malicious code running in containers to gain

full route access on the host. The vulnerability is located in RunC. RunC is the runtime that

actually does operate your containers. So this is common code to many technologies like Docker,

Container D, Kubernetes, and such.

So if you're using any kind of container

that's based on Linux, which pretty much all of them are,

then you are probably vulnerable.

Now, at this point, patches have been released to GitHub, but have not necessarily been rolled out to all the distributions yet.

So something you should be looking out for.

Now, some distributions like, for example, Redhead, they are running Docker on a system that's

secured with SELinix.

And this can mitigate the exploit here in this case, but if you are not running SELinx on

the host or if you lessened, if you loosened up the configuration, like you're not

running it actually in enforcement mode, if you loosened up the configuration, like you're not running it actually

in enforcement mode, then you are vulnerable.

Now, Docker sort of emerged from LXC Linux containers.

And now, LXC is also vulnerable to this same type of vulnerability.

AlexC also released a patch. And now, according to the advisory, which really focuses on Docker and RunC,

the vulnerability is more difficult to exploit in LXC, but fundamentally the same vulnerability.

And one of the new security features advertised in Mac OS fundamentally the same vulnerability.

...