The field of maliciously accessing another process’s memory has been broadly studied in the Linux environment.
But for some reason I am not able to find similar discussion/similarities for the Docker environment, even despite the fact that Covert Channel Attacks have been studied.
Differences I can think of are:
- PID namespace - what is the impact of it?
- reduced capabilities and systemcall filtering can make it harder for a simple container execution (docker run --it ubuntu:latest /bin/bash) to access the memory
I wish to ask what are the similarities and difference between the two environments?
Suppose all capabilities are granted is there really a different whether I run a container or not?