They don't have access to the host filesystem or environment variables, and this attack wouldn't work.
Just because this attack example did not contain container escape exploits does not mean this is safe. It's better than nothing, but nothing that will save us.
Those supply chain attacks we are seeing are bad, but if someone burns a 0day container escape for it, it would probably be a net positive effect on security overall. Just saying this is FUD.
FUD is crypto and tech bro speech. Using containers without a VM, gVisor or similar is just irresponsible.
Oh, you are young; FUD was criticism of IBM salespeople scaring customers away from PC-compatible clones.