David Leadbeater

Results 33 issues of David Leadbeater

### What happened?

I'm running user workloads within a container, including an unmodified Chrome (103.0.5060.53, using the official package). Chrome uses shared memory in /dev/shm to store JIT'd code which...

kind/bug
lifecycle/stale

This allows regexp matching on annotations (not labels) in alert tests. It achieves this by switching to yaml-v3 for just the unit tests, which means we can use a `yaml.Node`...

Using the full i18n library isn't needed, this just needs to be ASCII per MIME style header standards.
Signed-off-by: David Leadbeater

This replaces the method of resolving the IP and then munging the URL, with essentially the other way around. It puts the desired hostname in the URL, then uses a...

This metric has the value of the response code from the DNS server; 0 is NOERROR, per https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6. It can be used along with probe_success in order to diagnose why...

I've just released https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663 which affects the Linux kernel. As that document describes there are several mitigations and the best of all is using TLS for IRC, which many IRCv3...

I'm opening this as a draft, this is part of the needed support for user namespaces with Kubernetes. It lacks tests and general polish. I've discussed this approach with @rata,...

ok-to-test

This stops things like https://example.com/otheruser/../realuser where "/otheruser" appears to be the verified URL, but the actual URL being verified is "/realuser" due to the "/../". Also fix a test to...

Avoids an attack where profile URLs can be constructed that trick the user into thinking they have a different target. This forces the browser to render the link itself, ignoring...

### Description

runc-dmz results in a change in capabilities behaviour, for non-root users. Previously if a binary had file capabilities it would inherit those, *if* it was the first execve...