How to gain root access by exploiting wrongly designed setuid executables.
How to gain root access by using a Docker engine running with default configuration.
I used to manage a dozen VPS for many years: Zabbix, GitLab/GitLab CI, private Docker registry, production environment (3-node Docker Swarm cluster), database server (MariaDB & MongoDB), blog server (running Ghost), logs collector (Graylog), etc… I was spending a considerable amount of money & time on all these VPS, and it was time to change. From Ghost to Hugo One of the most important things I run is this blog.
I wanted to write a quick off-topic article about the ongoing coronavirus pandemic since there are a lot of false opinions and fake news on this topic. This virus (SARS-CoV-2) is deadly and not really comparable to the flu; it is at least much more contagious. (We don’t know anything about the death rate yet, since the pandemic is ongoing.) You shouldn’t treat it lightly. Not staying home will cause a lot of deaths in the months to come because of the overwhelming of your country’s healthcare system.
We’ve been experiencing a very strange memory leak in our Java application servers at work: when deploying a new version of a microservice, the JVM process was running out of memory and consequently crashing, leading to a service outage. After a bit of research, it looked like these kinds of errors were very common with this application server, especially when deploying applications without restarting the server from time to time. The common fix was to restart the JVM process before putting it in production, preventing any out-of-memory error (but not the memory leak).
I have written an article on the provisioning of a Docker Swarm cluster from scratch (you can read it here) and I have received a lot of comments stating that Docker Swarm is dead and that I should be moving to Kubernetes instead. What happened to Docker? For those who were not aware, Mirantis (a cloud provider) bought Docker Enterprise in Nov. 2019. Just after that, Mirantis wrote a blog post to announce the news:
As you may already know, I have launched, with a friend, an Android application to customize phone wallpapers randomly. The development of the app itself only took us 2 months and was quite fun. The release was really exciting and the first feedback from real users was encouraging. However, things didn’t go as planned… Referral program failure Our first idea to grow our user base was to introduce a referral program.
Since I have containerized my whole development workflow, from testing to production, I needed a Docker registry to centralize my private images and ensure their deployment. I didn’t want to use Docker Hub or GitHub Packages because the images would be publicly available. Therefore I started searching for existing private registry providers… What’s a Docker registry again? In a nutshell, a Docker registry is a server used to upload (push) & download (pull) Docker images.
This article is part of a series about Docker Swarm. For the first article please check here. In this short tutorial you’ll learn how to securely deploy the Traefik built-in dashboard with HTTPS support and a basic authentication system. This article assumes that you have a working Docker Swarm cluster with Traefik running with HTTPS support. If not, you can follow this article to get started. Traefik 2.0 has introduced a brand new dashboard app that allows a quick view of the configuration.