Explore >> Select a destination


You are here

pwning.systems
| | xcellerator.github.io
2.8 parsecs away

Travel
| | In all the playing around I've been doing with Linux kernel modules, I decided to see what would happen if you tried to load one from a Docker container. It turns out that privileged containers (or just those with CAP_SYS_MODULE) are able to use the sys_init_module() and sys_finit_module() syscalls - which are what's used to load kernel modules. As all containers share their kernel with the host (unlike VMs), this clearly results in yet another complete system compromise.
| | xenophanes.net
2.5 parsecs away

Travel
| |
| | albocoder.github.io
3.1 parsecs away

Travel
| | [AI summary] This blog post details the process of using static analysis with LLVM bitcode to identify the slab cache for kernel objects in the Linux kernel.
| | www.wgdd.de
27.2 parsecs away

Travel
| A private blog about Debian GNU/Linux, my work and life as a Debian user and as Debian developer.