A security vulnerability has been disclosed in runc, the container runtime used by Docker and Kubernetes, which can be used to attack any host system running containers.
One of the great security fears about containers is that an attacker could infect a container with a malicious program, which could escape and attack the host system. Well, we now have a security hole that could be used in such an attack.
RunC is the underlying container runtime for Docker, Kubernetes, and other container-dependent programs. It's an open-source command-line tool for spawning and running containers. Docker originally created it. Today, it's an Open Container Initiative (OCI) specification. It's widely used. Chances are, if you're using containers, you're running them on runC.
Security researchers discovered the vulnerability, which "allows a malicious container to (with minimal user interaction) overwrite the host runc binary and thus gain root-level code execution on the host. The level of user interaction is being able to run any command (it doesn't matter if the command is not attacker-controlled) as root."
To do this, an attacker has to place a malicious container within your system. But this is not that difficult. Lazy sysadmins often use the first container that comes to hand without checking to see if the software within that container is what it purports to be.
Besides runC, the problem also affects container systems using LXC and Apache Mesos container code. So, yes, if you're running any kind of containers, you need to patch ASAP.
Amazon Web Services has already made a patch available for Amazon Linux, and patches are being rolled out for Amazon's ECS, EKS, and AWS Fargate services.
Sent to us by: Robbie Ferguson
Canonical has released a new kernel update for Ubuntu systems to address a regression introduced by the last kernel security patch.
After patching a nasty Linux kernel regression in the Ubuntu 18.04 LTS operating system series, Canonical has now addressed another regression affecting the Linux 4.18 kernel packages of Ubuntu 18.10 and Ubuntu 18.04.1 LTS systems, which was introduced by an important kernel security update released last week.
The kernel security update that Canonical published on February 4th was available for Ubuntu 18.10, Ubuntu 16.04 LTS, and Ubuntu 14.04 LTS systems, but only Ubuntu 18.10 machines were affected by a regression that could prevent them from booting when certain graphics chipsets are used.
The regression affects not only Ubuntu 18.10 systems, but also Ubuntu 18.04 LTS machines running the Linux 4.18 Hardware Enablement kernel from Ubuntu 18.10, which is included in the new Ubuntu 18.04.2 LTS point release.
If you're running Ubuntu 18.10 or Ubuntu 18.04 LTS with Linux kernel 4.18, you are urged to update your kernel packages immediately.
Sent to us by: Robbie Ferguson
SpaceX is seeking US approval to deploy up to 1 million Earth stations to receive transmissions from its planned satellite broadband constellation.
The Federal Communications Commission last year gave SpaceX permission to deploy nearly 12,000 low-Earth orbit satellites for the planned Starlink system. An application submitted February 1 from SpaceX Services, a sister company, asks the FCC for "a blanket license authorizing operation of up to 1,000,000 Earth stations that end-user customers will utilize to communicate with SpaceX's non-geostationary orbit constellation."
SpaceX job listings describe the user terminal as "a high-volume manufactured product customers will have in their homes."
"SpaceX Services seeks authority to deploy and operate these Earth stations throughout the United States, Alaska, Hawaii, Puerto Rico, and the US Virgin Islands."
Each user terminal "will communicate only with those SpaceX satellites that are visible on the horizon above a minimum elevation angle," the application says.
SpaceX asked the FCC for quick approval to support the company's "ambitious timetable for launching satellites and deploying broadband services."
SpaceX wrote, "Granting this application would serve the public interest by helping to speed broadband deployment throughout the United States by authorizing the ground-based component of SpaceX's satellite system."
SpaceX hasn't provided a specific availability date, but a Reuters report in October 2018 said SpaceX's "goal of having Internet service available in 2020 is 'pretty much on target' with an initial satellite launch by mid-2019."
FCC rules require the launch of 50 percent of satellites within six years of authorization and all of them within nine years unless a waiver is granted.
SpaceX has said its broadband satellites will provide gigabit speeds and latencies as low as 25ms, similar to cable or fiber systems.
Sent to us by: Roy W. Nash
Raspberry Pi has opened its first bricks-and-mortar store in Cambridge.
The foundation behind the credit-card sized Raspberry Pi single board computer said it hoped the store would help people get hands-on with the technology, try their hand at programming and see some of the projects being powered by Pi.
The shop, located in Cambridge’s Grand Arcade shopping centre, is in the city where Raspberry Pi was founded and is still based. As well as Raspberry Pi kit and peripherals, the shop will also sell Pi merchandise and magazines.
To coincide with the store opening, the foundation is also releasing a new Raspberry Pi starter kit, which includes the latest Pi 3 Model B+ as well as a keyboard, mouse, SD card, power supply unit, HDMI cable, case and a book explaining the basics of Pi. The kit will only be sold in the physical store for the time being but will be rolled out online in the coming weeks.
Founder and CEO Eben Upton says the shop was the next big step in persuading more people to catch the Raspberry Pi bug. He says, “The shop provides potential customers with a chance to learn about Raspberry Pi, while at the same time giving us a chance to learn more about their needs.”
Previously, the majority of Raspberry Pi units and accessories were sold online. As well as attracting new customers, Upton said the shop could also become a way of better interacting with and developing the online Pi community.
Founded six years ago, the Raspberry Pi Foundation has gone on to sell 19 million of its low-cost, single-board computers.
Raspberry Pi isn’t the only online-only brand that’s moved offline. Amazon has been experimenting with bricks-and-mortar stores since 2015 and in January 2018 it opened its first cashier-less grocery store to the public.