singularity
singularity copied to clipboard
nccgroup
Added support for macOS, additional IP formats, and to drop privileges
Changes Submitted:
-
[Security] Application will drop privileges by default if running as the root account.
- By default the user is
nobodybut this can be configured via the-dropToUsername <username>argument or disabled via the-dontDropPrivileges.
- By default the user is
-
[Bug Fix] Application now compiles and runs on macOS.
- The TProxy syscall does not appear to have an equivalent on macOS. Moving this feature to its own platform specific file,
singularity_linux.go, allows singularity to be compiled and run on macOS.
- The TProxy syscall does not appear to have an equivalent on macOS. Moving this feature to its own platform specific file,
-
[Feature] Added support for base 10 encoded IP addresses.
- I ran into a case where I had an SSRF that was also vulnerable to DNS rebinding, however, exploitation limited the amount of subdomains I was able to use. I was able to get around this by patching singularity to also allow base 10 encoded IP address. The original functionality is unchanged. e.g:
s-8.8.8.8-127.0.0.1-1-fs-e.dynamic.example.combecomess-134744072-2130706433-1-fs-e.dynamic.example.com
- I ran into a case where I had an SSRF that was also vulnerable to DNS rebinding, however, exploitation limited the amount of subdomains I was able to use. I was able to get around this by patching singularity to also allow base 10 encoded IP address. The original functionality is unchanged. e.g:
Thank you for your contribution. We will consider merging each feature individually in future improvements.
