tl;dr: switch to podman :-) or (for docker, not mentioned in the post but...) just `allowPrivilegeEscalation=False` in the deployment's SCC and you'll be fine at the pod level. Most deployments don't need priv escalation anyway, the ones that do need to either limit perms through capabilities or make sure the node (meaning the kernel) is patched.
My concern is to try to understand the mechanisms of the exploit.
Copy Fail is not simply “hey, kernel, give me root”. I would say it’s more general than that. It’s rather: “Hey, kernel, when you present file /foo to a process, make the contents of that file appear according to my wishes”. Which can be used (in various ways) to advance the attacker’s position.
That’s why I think it’s interesting to ponder if that power allows the attacker to simply sneak past security policies such as allowPrivilegeEscalation=false.
How is creating low value, quickly depreciating products good? The op implied this is all a scam, and then went on saying the author should become the scammer instead of the victim.
Back in 2018, CloudFormation data leaked through a public gist (misconfigured gist plugin, I thought the gist was private but it wasn't... I had changed the default config) and showed up on an obscure website being served via CloudFlare. When I contacted CF, they claimed they couldn’t remove the cached content because their system “doesn’t work like that”. I pushed back and then they said that they're not responsible for the content and that I should send another email to abuse@cf... to get data about the hosting provider and deal with the content provider (e.g. VPS, ISP, whatever). After a few back and forth msgs, I made it clear that if the data wasn’t taken down within a week or so, I would escalate the issue to the local and German GDPR authority (see https://www.ombudsman.europa.eu/en/european-network-of-ombud...).
And what do you know? I got no reply, but the content disappeared in ~48hrs.
I take it ideas to mean “well scoped replies” like “list pro and con of this vs that git flow”. While someone might think of N issues the LLM might present another six out of which three or four don’t make sense but one or two do. Might be worth adding these in the document.
Have you? I never came across a cat that prefers rain and cold over dry and cold (and pillows and food). But most cats in houses or apartments I have seen come in and out as they please through specially built doors in roofs, doors or windows.
You said “latest thread” and I was like “didn’t he call for a truce”, then I see this comment was three days ago… obviously he has said everything and the opposite by now.