So a threat actor buys access to a managed kubernetes service, or other linux-based shared hosting platform, and now they have access to the computer.
Hell, GitHub Actions would do.
So a threat actor buys access to a managed kubernetes service, or other linux-based shared hosting platform, and now they have access to the computer.
Hell, GitHub Actions would do.
Is there any service that relies on Linux user separation or containers to separate different user accounts? I’m pretty sure you’re not supposed to do that and the proper way is to run different instances in virtual machines.
Basically every shared webhost that uses cPanel works like this. The security mechanism they use is called CageFS (https://cloudlinux.com/getting-started-with-cloudlinux-os/41...), which makes it so users can't see other users, but it's not like a VM or something.
Right, you're not supposed to do that...