this post was submitted on 27 Jul 2025
171 points (96.7% liked)

Technology

73379 readers
4683 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
171
How we Rooted Copilot (research.eye.security)
submitted 2 days ago by Pro@programming.dev to c/technology@lemmy.world
15 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] nathan@piefed.alphapuggle.dev 84 points 2 days ago (2 children)

$10 says they haven't actually escaped anything and it's just hallucinating a directory structure & file contents

[–] communism@lemmy.ml 32 points 2 days ago (1 children)

MS said they fixed it and categorised it as a "moderate severity vulnerability" so presumably they did in fact gain root access to the container

[–] wewbull@feddit.uk 17 points 2 days ago (4 children)

If they gained root access to the container, that's not a moderate vulnerability. Root inside a container is still root. You can still access the kernel with root privs and it's the same kernel as the host.

Docker is not a virtual machine.

[–] Grappling7155@lemmy.ca 1 points 1 day ago* (last edited 1 day ago)

Docker isn’t, but I was under the impression that hyperscalars tended to put all their containers in lightweight VMs or use something like kata containers anyways for security purposes

[–] communism@lemmy.ml 9 points 2 days ago (1 children)

I know that? I'm just saying that MS categorised it as such. It would be strange to include the part about MS's responses if MS also found that the vulnerability was not what the researchers claimed it was.

[–] wewbull@feddit.uk 7 points 1 day ago (1 children)

What I'm saying is something about the story doesn't add up.

Either Microsoft classified a major issue as a minor one so they didn't have to payout the bug bounty (quite possible), or the attack didn't achieve what the researchers thought it did and Microsoft classified it according to it's actual results.

[–] trolololol@lemmy.world 9 points 1 day ago

If I have to choose between either ms or an unknown being correct, I pick the unknown person.

[–] ftbd@feddit.org 1 points 1 day ago

That assumes the container itself is run as root, right?

[–] Fizz@lemmy.nz 1 points 1 day ago

I think they gained root to the python env which they couldn't do anything with because it was still running in docker inside a VM.

  • According to a smart sounding fella on hacker news.
[–] MagicShel@lemmy.zip 23 points 2 days ago

Even if it had access to its own source during training, the chances of it regurgitating it with total fidelity are zero.