
Docker user? Haven't patched Dirty COW yet? Got bad news for you - nwrk
http://www.theregister.co.uk/2016/11/01/docker_user_havent_patched_dirty_cow_yet_bad_news/
======
gtjay
As I've discused before, seccomp can block ptrace and thus this VDSO-based
attack (and currently does by default in some distros). Shameless self-link to
that post:

[https://medium.com/@gtrevorjay/consider-containers-a-case-
st...](https://medium.com/@gtrevorjay/consider-containers-a-case-study-of-
cve-2016-5195-2752efe4183b)

Containers are not a security panacea. However, it is equally erroneous to say
they don't add layers to defense-in-depth.

