Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

  • mwguy@infosec.pub · 1 year ago

    Instead of giving it an LLVM-based shell, can you give it an actual shell in a container? Maybe backed by AppArmor or SELinux to prevent breakouts.

    • Red@aussie.zone · 1 year ago

      Tempting, but in order to reduce the potential attack surface, I’m likely just to create a simple simulator instead now.

      If it’s good enough to fool the first few interactions of an automated script, that’ll probably do. That’ll give me the curl/wget target they’re trying to infect me with, most likely.

      It means I can potentially create a single binary docker instance that can be reset practically instantly by deleting/reimporting.
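
A minimal sketch of the simulator idea described in the comment above, added here as an example and not part of the thread or of Red's code: it answers a few commands with canned text, executes nothing, and records the URL arguments of curl/wget. The function names, canned replies and the choice to let unknown commands succeed silently are assumptions made for illustration.

```python
import shlex

# Canned replies for the first commands an automated script tends to send
# (constructed values, not taken from the thread).
CANNED = {
    "uname": "Linux",
    "whoami": "root",
    "id": "uid=0(root) gid=0(root) groups=0(root)",
}
DOWNLOADERS = {"curl", "wget"}
SEPARATORS = set(";&|")
URL_PREFIXES = ("http://", "https://", "ftp://")


def split_commands(line):
    """Split one shell line on ; & | into argv lists. Nothing is executed."""
    lexer = shlex.shlex(line, posix=True, punctuation_chars=";&|")
    lexer.whitespace_split = True
    lexer.commenters = ""  # keep '#' so URL fragments are not cut off
    commands, argv = [], []
    try:
        for tok in lexer:
            if tok and set(tok) <= SEPARATORS:
                if argv:
                    commands.append(argv)
                argv = []
            else:
                argv.append(tok)
    except ValueError:  # unbalanced quote: keep what parsed cleanly
        pass
    if argv:
        commands.append(argv)
    return commands


def handle(line, captured):
    """Return fake output for one input line and record download targets."""
    replies = []
    for argv in split_commands(line):
        name = argv[0].rsplit("/", 1)[-1]  # /usr/bin/wget -> wget
        if name in DOWNLOADERS:
            captured.extend(a for a in argv[1:]
                            if a.lower().startswith(URL_PREFIXES))
        elif name in CANNED:
            replies.append(CANNED[name])
        # anything else "succeeds" silently, like cd or chmod would
    return "\n".join(replies)
```

Call `handle()` once per received line with a shared list; the list then holds the download targets to log alongside the source address and timestamp.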