docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #366 from riyazdf/dirty-cow 

Add dirty COW security event
This commit is contained in:
Sebastiaan van Stijn 2016-10-29 00:58:27 -07:00 committed by GitHub
parent a553ea8e8f 196a1886b7
commit 109a25c230
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
engine/security/non-events.md
View File

@ -89,3 +89,10 @@ Bugs *not* mitigated:
the kernel's non-maskable interrupt handling allowed privilege escalation.
Can be exploited in Docker containers because the `modify_ldt()` system call is
not currently blocked using seccomp.
* [CVE-2016-5195](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195):
A race condition was found in the way the Linux kernel's memory subsystem
handled the copy-on-write (COW) breakage of private read-only memory mappings,
which allowed unprivileged local users to gain write access to read-only memory.
Also known as "dirty COW."
*Partial mitigations:* on some operating systems this vulnerability is mitigated
by the combination of seccomp filtering of `ptrace` and the fact that `/proc/self/mem` is read-only.