> Even with shared hosting, you generally have root in your VM or container
replyLots of shared hosters don't use VMs or containers. It's some arbitrary number of people logging in to a shared system, each one with a home directory under /home/THE_USER_NAME. i've had several such hosters over the years (thankfully not right now, though).
> With the way linux is used these days, I'd guess the number of systems with untrusted local users is pretty limited
replyThings like HPC clusters are multiuser & don't entirely trust their users. If they did we wouldn't need users/groups/permissions etc in the first place.
Yes. Not even just HPC clusters, shared login servers are pretty common in academia. I manage several in our lab. Sure, we mostly trust the users against malice more or less but not so much against incompetence. A malicious vscode plugin would run rampant in this space.
replyAnd then there are users running claude-cli and friends who may just find it convenient to use a local root exploit to remove obstacles.
With this exploit it's trivial to jump from one container to another neighbor container. I've tried it and succeeded.
replySo containers don't protect you, only a VM.
So anyone pulling a malicious dockerfile jeopardizes the host? That would be bad...
reply...no shit? Why do you think people care about this issue?
reply> I've tried it and succeeded.
replyHow so?
Local root is part of the path to escaping
reply