You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Instead execing /proc/self/exe inside the sandbox it should exec a copy using memfd_create().
This avoids potential security problems if an attack manages to write to it, replacing the runjail binary on the host.
See CVE-2019-5736
The text was updated successfully, but these errors were encountered:
Instead execing /proc/self/exe inside the sandbox it should exec a copy using memfd_create().
This avoids potential security problems if an attack manages to write to it, replacing the runjail binary on the host.
See CVE-2019-5736
The text was updated successfully, but these errors were encountered: