ChanServ changed the topic of #sandstorm to: Welcome to #sandstorm: home of all things Sandstorm and Cap'n Proto. Say hi! | Have a question but no one is here? Try asking in the discussion group: https://groups.google.com/group/sandstorm-dev | Channel logs available at https://libera.irclog.whitequark.org/sandstorm
TMM_ has quit [Quit: https://quassel-irc.org - Chat comfortably. Anywhere.]
TMM_ has joined #sandstorm
koo6 has joined #sandstorm
falsifian has quit [Ping timeout: 265 seconds]
falsifian has joined #sandstorm
koo6 has quit [Ping timeout: 240 seconds]
xet7 has quit [Remote host closed the connection]
xet7 has joined #sandstorm
xet7 has quit [Remote host closed the connection]
koo6 has joined #sandstorm
koo7 has joined #sandstorm
koo6 has quit [Ping timeout: 252 seconds]
koo6 has joined #sandstorm
koo7 has quit [Ping timeout: 252 seconds]
xet7 has joined #sandstorm
<isd> New Linux kernel root privilege escalation vulnerability, which has been lurking since 2014: https://www.openwall.com/lists/oss-security/2021/07/20/1. Sandstorm blocks it :P
<TimMc> "Our exploit requires approximately 5GB of memory and 1M inodes"
<TimMc> Blocked via resource limits?
<Aziraphale> sounds like some games
<Aziraphale> otoh, I've a few servers where 5G of RAM and a million inodes are just noise
TMM_ has quit [Quit: https://quassel-irc.org - Chat comfortably. Anywhere.]
TMM_ has joined #sandstorm
<TimMc> joke's on them, my raspberry pi doesn't even *have* that much RAM
<isd> You need /proc and the ability to unmount() (via userns); we provide neither.
<isd> (They suspect you might be able to do it via fuse, but we don't provide that either)
<isd> At some point or another we should add hard resource caps, but we haven't done so yet
xet7 has quit [Remote host closed the connection]
koo6 has quit [Ping timeout: 255 seconds]