
What's new in Singularity 2.5 and why it affects everyone using containers - nervous
https://www.sylabs.io/2018/05/whatsnew-singularity-2-5-why-affects-everyone-using-containers/
======
tl;dr The Sylabs team recently discovered an exploit vector affecting all
container runtimes that allows a malicious user to gain additional privileges
within a container on hosts running kernels that do not support the
PR_SET_NO_NEW_PRIVS feature.

Singularity is not the only container platform affected; this vulnerability
can be exploited using any container runtime on a vulnerable kernel.
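Since the exposure hinges on whether the host kernel honours PR_SET_NO_NEW_PRIVS (added in Linux 3.5), the first thing an operator wants is a quick way to tell. The probe below is an added example, not code from the Sylabs post or from Singularity: it asks the kernel to set the no_new_privs bit on the current process the same way a container runtime does before exec, reports EINVAL on kernels that lack the feature, and cross-checks the `NoNewPrivs:` field of `/proc/self/status` where the kernel exposes it (4.10 and later). The prctl constants are the values from `<linux/prctl.h>`; the function names and the sample status text are my own.

```python
"""Probe whether the running kernel supports PR_SET_NO_NEW_PRIVS."""
import ctypes
import os
import platform

# Constants from <linux/prctl.h>
PR_SET_NO_NEW_PRIVS = 38
PR_GET_NO_NEW_PRIVS = 39


def read_status_flag(status_text):
    """Return the NoNewPrivs value (0 or 1) parsed from /proc/<pid>/status text.

    Kernels older than 4.10 do not emit the field; return None in that case.
    """
    for line in status_text.splitlines():
        if line.startswith("NoNewPrivs:"):
            return int(line.split(":", 1)[1].strip())
    return None


def probe_no_new_privs():
    """Try to set no_new_privs on this process and report what the kernel did.

    Note: once set, the bit is irreversible for this process and is inherited
    by its children, which is exactly the property container runtimes rely on.
    """
    if platform.system() != "Linux":
        return {"supported": False, "reason": "not a Linux kernel", "flag": None}

    libc = ctypes.CDLL(None, use_errno=True)
    zero = ctypes.c_ulong(0)
    # prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0): returns 0 on success,
    # -1 with errno=EINVAL on kernels that predate the feature.
    rc = libc.prctl(ctypes.c_int(PR_SET_NO_NEW_PRIVS), ctypes.c_ulong(1),
                    zero, zero, zero)
    if rc != 0:
        err = ctypes.get_errno()
        return {"supported": False,
                "reason": "prctl failed: %s" % os.strerror(err),
                "flag": None}

    # Read the bit back to confirm the kernel really recorded it.
    flag = libc.prctl(ctypes.c_int(PR_GET_NO_NEW_PRIVS), zero, zero, zero, zero)
    return {"supported": True,
            "reason": "kernel accepted PR_SET_NO_NEW_PRIVS",
            "flag": flag}


def status_flag_for_self():
    """Cross-check via procfs; None if the file or field is unavailable."""
    try:
        with open("/proc/self/status") as fh:
            return read_status_flag(fh.read())
    except OSError:
        return None


if __name__ == "__main__":
    result = probe_no_new_privs()
    print("PR_SET_NO_NEW_PRIVS supported:", result["supported"],
          "(%s)" % result["reason"])
    print("PR_GET_NO_NEW_PRIVS reports:", result["flag"])
    print("/proc/self/status NoNewPrivs:", status_flag_for_self())
```

Run it on the host, not inside a container: a runtime that has already set the bit for you would mask an unsupported kernel only if the call itself failed, which is what the `reason` field surfaces. A result of `supported: False` with EINVAL is the condition the post describes, and the remediation is a kernel that implements the feature rather than any change to the runtime.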

