https://www.scrivano.org/tags/cve/ Recent content in Cve on *scratch* Hugo en Sat, 06 Jun 2026 10:03:54 +0000 https://www.scrivano.org/posts/2022-12-21-hide-self-exe/ Wed, 21 Dec 2022 22:15:00 +0200 https://www.scrivano.org/posts/2022-12-21-hide-self-exe/ <p>I have been working on a new functionality for the <code>prctl</code> syscall that addresses a common security concern with container runtimes. The <code>/proc/self/exe</code> symlink, which points to the executable of the running process, was the key ingredient in CVE-2019-5736, a vulnerability that allowed a malicious container to overwrite the container runtime binary on the host. The workaround deployed at the time — re-execing from a copy or using a read-only bind mount — treats the symptom rather than the cause.</p>