On Wed, Jun 21, 2017 at 5:09 PM, Christopher Samuel <sam...@unimelb.edu.au> wrote:
> So yes, you are quite right, this (currently) doesn't seem like
> something you need to worry about with users' own codes being copied onto
> the system or containers utilised through Shifter and Singularity which
> exist to disarm Docker containers.
>
> Phew, thanks so much for pointing that out! :-)

Well well well, I don't want to rain on the parade, and that's entirely
true for the most part but two key things to keep in mind:

1. Things like libffi [1] have also been patched to address this
   vulnerability, so it looks like this may be a little more complex than
   just updating or preventing access to SUID root binaries.

2. Singularity heavily relies on SUID root binaries to manipulate images
   [2]. That's actually the one user-facing application that I'm the most
   worried about right now.

[1]: https://lists.debian.org/debian-security-announce/2017/msg00149.html
[2]: http://singularity.lbl.gov/faq#are-there-any-special-security-concerns-that-singularity-introduces

Cheers,
--
Kilian
_______________________________________________
Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf