undefined | Better HN

0 pointszackmorris1d ago0 comments

Has anyone made a sandbox site running every type of container and presenting a shell where users can try to break out of any uncompromised ones remaining?

It's self-evident that we should only run containers that haven't been pwned yet.

I suspect that with all of the CVE-20XX exploits, Heartbleed, Meltdown, Rowhammer, Spectre, etc, that we're all living in a fantasy and there simply are no secure containers.

0 comments

SoftTalker1d ago

Seems a good place to repeat a quote from Theo de Raadt:

You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes.

He'd probably say the same about container architectures.

j / k navigate · click thread line to collapse

0 comments

SoftTalker1d ago

Seems a good place to repeat a quote from Theo de Raadt:

He'd probably say the same about container architectures.

j / k navigate · click thread line to collapse