Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This seems to mitigate the specific threat where I gain non-root shell access to the container, but there's a root process running interpreted code, which I can modify.

However, if the container doesn't contain any processes running as root, there doesn't seem to be any benefit (besides defense in depth) to marking the code as read-only.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: