Joseph Price

FOSS advocate in a Windows world...

CVE-2020-15228 redux: Azure DevOps Pipelines RCE

Reading Hacker News, I came across Issue 2070: Github: Widespread injection vulnerabilities in Actions. While I've yet to use GitHub Actions seriously, I recognised the feature described as near identical to Azure DevOps' "Logging Commands" and decided to look at whether they were vulnerable to the same issue. They are:


Restic backups to B2 without delete

Since setting up restic to back up to B2, I had embarrassingly misunderstood the following UI wording around lifecycle settings: I had assumed that this meant that all versions of the file would be maintained, no matter what clients did. The B2 docs…


Multi-repos KISS

I have never worked in a monorepo professionally.


LXD performance observation

You might want to consider enabling tmpfs...


AppArmor hat & child profiles

My last post omitted that the real reason I hadn't swapped to OnlyOffice was that I was too lazy to look further into AppArmor. Allowing dash to inherit the php permissions with /bin/dash ix, is one solution, but for other reasons I wanted to write a more contained profile to spawn dash within. Searching the internet & reading my favourite AppArmor docs didn't enlighten.
