QuantumGhost QuantumGhost

## Permissive forwarding rule leads to unintentional exposure of containers to external hosts
From self[at]sungpae.com Mon Nov  8 16:59:48 2021
Date: Mon, 8 Nov 2021 16:59:48 -0600
From: Sung Pae <self[at]sungpae.com>
To: security@docker.com
Subject: Permissive forwarding rule leads to unintentional exposure of
 containers to external hosts
Message-ID: <YYmr4l1isfH9VQCn@SHANGRILA>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="QR1yLfEBO/zgxYVA"

## killbutmakeitlooklikeanaccident.sh
#!/bin/bash

gdb -p "$1" -batch -ex 'set {short}$rip = 0x050f' -ex 'set $rax=231' -ex 'set $rdi=0' -ex 'cont'

## ramer_douglas_peucker_funneling.py
"""
This is based on https://en.wikipedia.org/wiki/Ramer%E2%80%93Douglas%E2%80%93Peucker_algorithm,
with the requirement that the maximum norm is used for distance calculations.

The algorithm is as follows, described for R^2, but it is easily extensible to
arbitrary dimensions >2:
- given points p_1, ..., p_n, we start by constructing our funnel
  by calculating
    dp_1 = (p_2 - p_1)
    x_1_top    = (dp_1_y + epsilon) / dp_1_x

## gomod.nix
let
  pkgs = import <nixpkgs> {};
  inherit (pkgs) lib;
  src = pkgs.fetchgit {
    url = "https://gitlab.com/NickCao/RAIT";
    rev = "e84e803641ec3a2dce5670275ea8d5497608f483";
    fetchSubmodules = false;
    deepClone = false;
    leaveDotGit = false;
    sha256 = "sha256-vaRPmHrom4GEOuAdILzFpttc4vwcRVQWhLNalCco2qE=";

## icmp-traceing.py
from bcc import BPF
import ctypes

bpf_text ="""
#include <linux/ptrace.h>
#include <linux/sched.h>        /* For TASK_COMM_LEN */
#include <linux/icmp.h>
#include <linux/ip.h>
#include <linux/netdevice.h>

## fast-check.test.ts
/**
 * Running the fast-check property-based testing library in the Deno
 * JavaScript/TYpeScript runtime.
 * See: https://github.com/dubzzz/fast-check
 *
 * This file contains all the 'simple' examples from the fast-check
 * repo using Deno.test for the test functions and assertions
 * from the Deno standard library. I also added some missing type
 * annotations.
 *

## esm-package.md

      
              1 file
            
          
              200 forks
            
          
              7 comments
            
          
              2780 stars
            
          
                sindresorhus
                / esm-package.md
            
            
              Last active
              May 3, 2024 10:19
            
              
                Pure ESM package
              
          
    Pure ESM package

The package that linked you here is now pure ESM. It cannot be require()'d from CommonJS.
This means you have the following choices:

Use ESM yourself. (preferred)

  Use import foo from 'foo' instead of const foo = require('foo') to import the package. You also need to put "type": "module" in your package.json and more. Follow the below guide.
If the package is used in an async context, you could use await import(…) from CommonJS instead of require(…).
Stay on the existing version of the package until you can move to ESM.


## Dockerfile
FROM hayd/alpine-deno:1.10.1
WORKDIR /src/app

ADD deps.ts ./
RUN ["deno", "cache", "deps.ts"]

ADD *.ts ./
RUN ["deno", "cache", "mod.ts"]

ENTRYPOINT ["deno", "run", "--unstable", "--allow-net", "--allow-hrtime", "--allow-env", "--cached-only", "--no-check", "mod.ts"]

## assigning-static-ip-addresses-in-wsl2.md

      
              1 file
            
          
              20 forks
            
          
              34 comments
            
          
              112 stars
            
          
                wllmsash
                / assigning-static-ip-addresses-in-wsl2.md
            
            
              Last active
              April 18, 2024 23:19
            
              
                Assigning Static IP Addresses in WSL2
              
          
    Assigning Static IP Addresses in WSL2

WSL2 uses Hyper-V for networking. The WSL2 network settings are ephemeral and configured on demand when any WSL2
instance is first started in a Windows session. The configuration is reset on each Windows restart and the IP addresses change each time. The Windows host creates a hidden switch named "WSL" and a network adapter named "WSL" (appears as
"vEthernet (WSL)" in the "Network Connections" panel). The Ubuntu instance creates a corresponding network interface
named "eth0".
Assigning static IP addresses to the network interfaces on the Windows host or the WSL2 Ubuntu instance enables support
for the following scenarios:

  
## static_cgo.md

      
              1 file
            
          
              3 forks
            
          
              3 comments
            
          
              19 stars
            
          
                zmb3
                / static_cgo.md
            
            
              Created
              October 5, 2020 15:45
            
              
                Compile static binaries for Go programs that leverage Cgo.
              
          
    In order to compile a fully static binary when using Cgo you'll need to link in a C library like musl.
I find it convenient to have a Docker image ready for building these artifacts.
FROM golang
RUN wget https://www.musl-libc.org/releases/musl-1.2.0.tar.gz && \
   tar -zf musl-1.2.0.tar.gz && \
   cd musl-1.2.0 && \
 ./configure --enable-static --disable-shared &amp;&amp; \
	From self[at]sungpae.com Mon Nov 8 16:59:48 2021
	Date: Mon, 8 Nov 2021 16:59:48 -0600
	From: Sung Pae <self[at]sungpae.com>
	To: security@docker.com
	Subject: Permissive forwarding rule leads to unintentional exposure of
	containers to external hosts
	Message-ID: <YYmr4l1isfH9VQCn@SHANGRILA>
	MIME-Version: 1.0
	Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="QR1yLfEBO/zgxYVA"
	#!/bin/bash

	gdb -p "$1" -batch -ex 'set {short}$rip = 0x050f' -ex 'set $rax=231' -ex 'set $rdi=0' -ex 'cont'
	"""
	This is based on https://en.wikipedia.org/wiki/Ramer%E2%80%93Douglas%E2%80%93Peucker_algorithm,
	with the requirement that the maximum norm is used for distance calculations.

	The algorithm is as follows, described for R^2, but it is easily extensible to
	arbitrary dimensions >2:
	- given points p_1, ..., p_n, we start by constructing our funnel
	by calculating
	dp_1 = (p_2 - p_1)
	x_1_top = (dp_1_y + epsilon) / dp_1_x
	let
	pkgs = import <nixpkgs> {};
	inherit (pkgs) lib;
	src = pkgs.fetchgit {
	url = "https://gitlab.com/NickCao/RAIT";
	rev = "e84e803641ec3a2dce5670275ea8d5497608f483";
	fetchSubmodules = false;
	deepClone = false;
	leaveDotGit = false;
	sha256 = "sha256-vaRPmHrom4GEOuAdILzFpttc4vwcRVQWhLNalCco2qE=";
	from bcc import BPF
	import ctypes

	bpf_text ="""
	#include <linux/ptrace.h>
	#include <linux/sched.h> /* For TASK_COMM_LEN */
	#include <linux/icmp.h>
	#include <linux/ip.h>
	#include <linux/netdevice.h>
	/**
	* Running the fast-check property-based testing library in the Deno
	* JavaScript/TYpeScript runtime.
	* See: https://github.com/dubzzz/fast-check
	*
	* This file contains all the 'simple' examples from the fast-check
	* repo using Deno.test for the test functions and assertions
	* from the Deno standard library. I also added some missing type
	* annotations.
	*
	FROM hayd/alpine-deno:1.10.1
	WORKDIR /src/app

	ADD deps.ts ./
	RUN ["deno", "cache", "deps.ts"]

	ADD *.ts ./
	RUN ["deno", "cache", "mod.ts"]

	ENTRYPOINT ["deno", "run", "--unstable", "--allow-net", "--allow-hrtime", "--allow-env", "--cached-only", "--no-check", "mod.ts"]