Posts: 44 | Comments: 707 | Joined: 2 yr. ago

  • Eh...the usual "FROM: alpine:edge", pull everything in with git, change the code as needed, static compiling everything, strip dead code out of the binary, send the binary in a scratch image and then assigning a non-root user to it.

  • Any distro is “stable” if you know how to use it.

    A-bleeping-men. All GNU/Linux distros are equally good.

  • Eh, I don't have anything "complex" to add, other than buying a raspberry pi and using it as a DNS sinkhole/recursive dns under docker/ipvlan network, and then "hiding" it behind a macvlan connection + ufw. Been doing this over several years and never had any problems with it. You can even use it as a music player of sorts by configuring a hotkey to bring up mpv with a playlist, and another one to close it. Oh, and even as a "live stream player 24/7" if you are into it.

  • Eh, that was meant to be a slight mockery for "ex-redditors" (since they are mostly composed of "downvote-happy" users).

  • Because I'm doing this as a "self-learning" process. Plus, docker is an excellent tool and even "silly" images like this one can give me an edge while looking for (more) jobs, so there's that. Coding could grant me the same "edge" as well yes, but docker has "more value" since it requires you to code -AND- to have some knowledge/depth regarding typical "dockerization" processes.

  • "But can Linux install things via a single .exe file? HAHAH EAT IT NERD!"

    10'ish years ago past me, before discovering the magical wonders of the package manager

  • Stop talking about your ex, Cartman.

  • I don't really have a "better distro" preference -- all distros can be tweaked and optimized equally, with no benefits from one another. And yes, even Ub(l)untu.

  • I already talked about it in this thread -- it shows my sudoer username on both columns.

  • Just adding more (relevant) info, since it's my "security hole" as of now. As mentioned in the OP.

  • No. ps aux remains the same. And yes, "My sudoer username" is my non-root user with sudo privileges. Therefore, the "sudoer".

    And I'm not really "pulling my hair out" because of this, honestly -- just curious if this can be mentioned as a hack, a hack attempt, or whatevertheheck. Because this is the first time in my entire life that this happened with me, so yep.

  • No and yes. And it returns me only a single line with $mysudoerusername 28596 0.0 0.1 5896 2016 pts/0 5+ 15:52 0:00 grep nano.

  • Just did it, and it shows my sudoer username with ownership of the created file. umask returns me 0002.

  • Alright, first one returned me "bash: alias: nano: not found". Second one, "nano is hashed (/usr/bin/nano)". Third one, my sudoer username. And the fourth one shows my sudoer username at the top of the list, with both uid and gid at 1000.

    And I honestly can't really think of much to add, other than the username in the docker image being completely nonexistent (It's just a bunch of numbers, and it doesn't even have a name). I don't know, maybe someone managed to breach the container and gave this "nonexistent user" root privileges but haven't managed to do much or something like that. I'm not that much of a tech savvy, but I guess it doesn't hurt to try to guess something. Maybe there is something inside the container? Idk, I'm gonna (try to) check it out (It's a "distroless" image -- it doesn't even have a shell in it.).

  • i.e. file is created (as non-root), trying to remove the file (once again, as non-root) gives me a "rm: cannot remove 'dir/file.name': Permission denied" error message.

  • Try an ls -l $(which nano) and look at the permissions section of the output.

    Just did it -- output is -rwxr-xr-x 1 root root 274816 Feb 19 2022 /usr/bin/nano. Now I'm really confused. Still, I appreciate your input.