Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.satoshishop.de/users/mk/statuses/111844177065530737">mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 18:25:09 JST</a><a href="https://mastodon.satoshishop.de/@mk" title="mk@mastodon.satoshishop.de"><img src="https://gnusocial.jp/avatar/78235-48-20221221014052.webp" width="48" height="48" alt="mk" style="position: absolute; left: 0; top: 0;">mk</a><div><a href="https://poa.st/objects/681a63d6-0ccb-4822-bd5f-9aac1e53e642" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/48106" title="theorytoe@ak.kyaruc.moe">T man :sex: :puffgiga: :puffpowerroll:</a></li><li><a href="https://gnusocial.jp/user/239051" title="rgbcube@poa.st">RGBCube</a></li></ul></div></section><article><p><a href="https://poa.st/users/RGBCube">@RGBCube</a> <a href="https://ak.kyaruc.moe/users/theorytoe">@theorytoe</a> <a href="https://qoto.org/@bonifartius">@bonifartius</a> </p><p>ok..to make it even simpler for you..</p><p>- there's a webservice running.<br>- it gets hacked.<br>- the hacker owns the webservice (the process)</p><p>is it harder or easier for the attacker to own the host system if..</p><p>scenario 1: process is isolated from the host system via cgroups and namespaces.</p><p>scenario 2: process is NOT isolated from the host system via cgroups and namespaces.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2649344#notice-5259773">In conversation</a><time datetime="2024-01-30T18:25:09+09:00" title="Tuesday, 30-Jan-2024 18:25:09 JST">about 10 months ago</time> <span>from <span><a href="https://mastodon.satoshishop.de/@mk/111844177065530737" rel="external" title="Sent from mastodon.satoshishop.de via ActivityPub">mastodon.satoshishop.de</a></span></span><a href="https://mastodon.satoshishop.de/@mk/111844177065530737">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 18:25:09 JSTmk
in reply to
@RGBCube @theorytoe @bonifartius
ok..to make it even simpler for you..
- there's a webservice running.
- it gets hacked.
- the hacker owns the webservice (the process)
is it harder or easier for the attacker to own the host system if..
scenario 1: process is isolated from the host system via cgroups and namespaces.
scenario 2: process is NOT isolated from the host system via cgroups and namespaces.
In conversationabout 10 months ago from mastodon.satoshishop.depermalink

Public

Embed Notice

HTML Code

Corresponding Notice