Cracking the kernel - adventures with kernel exploits in Kubernetes
Description:
We interact with the operating system kernel in many different ways: by reading from the file system, opening a device file, issuing system calls, or sending a packet over the network interface. Each time the kernel performs one of these actions on behalf of user space, it checks whether the user has the privileges required for that action. Kernel privilege escalation is the process of obtaining additional permissions by exploiting a weakness in kernel code. In this talk we'll explore what kernel privilege escalation exploits are, look at an example in practice, and then show the different ways in which containers and Kubernetes can help to reduce the impact of these kinds of exploits.
Speakers:
Matt Jarvis
Director of Developer Relations, Snyk
Kamil Potrec
Senior Security Engineer, Snyk