undefined | Better HN

0 pointsqaq8y ago0 comments

"containers are not secure, anywhere" Zones are very secure although you might or might not consider them "containers".

0 comments

Zones have the same problem that linux containers have which is a massive attack surface in the form of a kernel. And if you think zones are secure: Which OS do you think had more kernel exploits that could be used to escape container/zone in the last 2 years? I think the answer is much closer than you might think.

qaqOP8y ago

I am not tracking closely to be honest since I have not being working with Illumos based distros for 5 years +/- when we were using omniOS I do not remember things being too bad. Not sure what % of vuln. are Oracle Solaris specific given that majority of orig. SUN eng. left long time ago Illumos might be in much better shape vs Solaris.

helper8y ago

http://www.zerodayinitiative.com/advisories/ZDI-16-168/

http://www.zerodayinitiative.com/advisories/ZDI-16-274/

These were both in Illumos found by the person you are replying to.

1 more reply

j / k navigate · click thread line to collapse