back to article Docker fave Alpine Linux suffers bug miscreants can exploit to poison containers

An infosec bod has documented a remote-code execution flaw in Alpine Linux, a distro that pops up a lot in Docker containers. Max Justicz, researcher and creator of crowd-sourced bug bounty system Bountygraph, said on Thursday that the vulnerability could be exploited by someone with man-in-the-middle (MITM) network access, or …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. ibmalone Silver badge

    Rotten code in a container can only get more rotten

    Surströmming (technically not rotten...)

    0 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Rotten code in a container can only get more rotten

      Well, if you want rotten, your best bet is Hákarl.

      Ah, those wacky Nordics with their spoiled food...

      Takes a bite of a pickle, washes it down with some kefir.

      0 0 Reply
  2. Updraft102

    I know this IoT thing is getting out of hand, but Linux in trousers? Seems a bit excessive. <g>

    2 0 Reply
    1. Hero Protagonist
      Reply Icon

      As Wallace found out the hard way...

      https://youtu.be/eoV9Hs5Z3rQ

      0 0 Reply
  3. streaky
    Black Helicopters

    During build

    So not actually that dangerous after all.

    Speaking as somebody who builds a lot of docker images I never really got the attraction to alpine - yeah it's smaller but layers render the whole thing moot; you could hide a full windows install behind layers and nobody would really care - YOUR layer might only be a few MB, that's the power of containers.

    Seriously though, not convinced by the dangerous thing, it's bordering on the targetted by a state actor level - at which point you have bigger problems - and easy to fix.

    1 1 Reply
  4. Anonymous Coward
    Anonymous Coward

    any CVE?

    is there a CVE number with this?

    thank-you

    0 0 Reply
    1. diodesign (Written by Reg staff) Silver badge
      Reply Icon

      Re: any CVE?

      Not that we're aware of.

      C.

      0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021

Do not sell my personal information Cookies Privacy Ts&Cs