Randall Degges

I'm just a happy programmer that likes to hack stuff.
Website: https://www.rdegges.com
Work: https://snyk.io
Code: https://github.com/rdegges
Talks: https://speakerdeck.com/rdegges
Google Made Me Ruin A Perfectly Good Website: A Case Study On The AI-Generated Internet https://buff.ly/3UD2FCu (this was too good of a read not to share)
The Luddite

An anticapitalist tech blog. Embrace the technology that liberates us. Smash that which does not.

Escaping from Docker one syscall at a time: https://snyk.io/blog/leaky-vessels-container-vuln-deep-dive/
Snyk Leaky Vessels Docker Vulnerability Research Deep Dive | Snyk

Learn how Snyk security researchers uncovered the Leaky Vessels container breakout Docker vulnerabilities assigned CVE-2024-21626, CVE-2024-23652, CVE-2024-23651, and CVE-2024-23653.

Snyk

Posted by a colleague - and it hits the spot

(Edit: Thanks to @jsit the artist was found: @[email protected], https://www.instagram.com/p/CtNtBJkM7Pu/)

@rdegges Thanks for the updates and links. Good reads to have. I just checked my Arch Linux instances and they already ship the latest patched version of runc as well.
Looks like Red Hat is investigating the impact on their services: https://access.redhat.com/security/cve/cve-2024-21626#cve-faq
cve-details

Vulnerabilities in Docker, other container engines enable host OS access

Leaky Vessels container escape vulnerabilities in Docker runc and other container runtimes potentially break the isolation layer between container and host operating system.

CSO Online
Looks like AWS has already made the fixes for their services (awesome news!): https://aws.amazon.com/security/security-bulletins/AWS-2024-001/
CVE-2024-21626 - Runc container issue

Amazon Web Services, Inc.
RunC Flaws Enable Container Escapes, Granting Attackers Host Access

Critical Container Exploits Found in runC. These flaws allow attackers to break out of containers and access sensitive data or launch further attacks.

The Hacker News
Want more behind the scenes info? We published a podcast interview about the new leaky vessels vulnerability here with the security researcher who found it: https://www.devseccon.com/the-secure-developer-podcast/inside-the-matrix-of-container-security-a-deep-dive-into-container-breakout-vulnerabilities
Inside The Matrix Of Container Security: A Deep Dive Into Container Breakout Vulnerabilities | DevSecCon

DevSecCon
FYI, this is an extremely important vulnerability. It impacts a TON of software and systems on the internet. You will need to patch ASAP to protect critical infrastructure.