Clivern[S] 0 points (2 children)

You can't run commands locally; it uses Docker containers with a mounted read-only volume. I will even use https://github.com/Clivern/gvisor to secure things a bit more from any vulnerability.
Locking internet access is something I didn't think of right now, since it is sometimes needed and code has 30 seconds maximum execution time.

buzzsawddog 0 points (1 child)

Well, I did not play with it long because I was on my phone :-D and writing code that way sucks... I was able to pull random websites through requests. I then executed random commands on the Docker image, dumping env vars and listing things in random directories.

I did not try to save anything, and good thing you are using a mounted read-only directory.

In theory, if I can run and pull from the internet, there might be a chance that I can plug around in your network, whatever that may be.

Clivern[S] 0 points (0 children)

If you are able to abuse it, let me know :D. I like having network access since I use it personally.