by mwcampbell 4445 days ago
I'm surprised nobody has mentioned containers, e.g. Docker, as a way of limiting the damage from this kind of bug. In a container whose only purpose is to run the application, /etc/passwd should be as uninteresting as:

    root:x:0:0:root:/:/bin/sh
    bin:x:1:1:bin:/dev/null:/sbin/nologin
    nobody:x:99:99:nobody:/dev/null:/sbin/nologin
    app:x:100:100:app:/app:/bin/sh
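
Added example, not part of mwcampbell's comment: a Python check that a container's /etc/passwd holds nothing beyond the handful of accounts the comment lists. The allowlist, the finding wording, the GECOS heuristic and the second sample file are assumptions constructed for illustration.

```python
# Added example: audit a container's /etc/passwd against a minimal allowlist.
# EXPECTED and the finding wording are assumptions made for this illustration.
EXPECTED = {"root", "bin", "nobody", "app"}
PLACEHOLDERS = {"x", "*", "!"}  # password field values that hold no hash

# The four entries from the comment above.
MINIMAL = """\
root:x:0:0:root:/:/bin/sh
bin:x:1:1:bin:/dev/null:/sbin/nologin
nobody:x:99:99:nobody:/dev/null:/sbin/nologin
app:x:100:100:app:/app:/bin/sh
"""

# Constructed sample: the same file plus two entries a general-purpose host might carry.
BLOATED = MINIMAL + """\
alice:x:1000:1000:Alice Example,,,:/home/alice:/bin/bash
deploy:x:0:0:deploy:/root:/bin/bash
"""

def parse_passwd(text):
    """Return a list of dicts, one per passwd(5) entry; reject malformed lines."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, pw, uid, _gid, gecos, _home, _shell = fields
        entries.append({"name": name, "pw": pw, "uid": int(uid), "gecos": gecos})
    return entries

def audit(text, expected=EXPECTED):
    """Return (account, finding) pairs; an empty list means nothing stands out."""
    findings = []
    for e in parse_passwd(text):
        if e["name"] not in expected:
            findings.append((e["name"], "unexpected account"))
        if e["uid"] == 0 and e["name"] != "root":
            findings.append((e["name"], "extra UID 0 account"))
        if e["pw"] not in PLACEHOLDERS:
            findings.append((e["name"], "password field is not a placeholder"))
        if e["gecos"] not in ("", e["name"]):  # heuristic: more than the login name
            findings.append((e["name"], "GECOS carries extra detail"))
    return findings

if __name__ == "__main__":
    for label, sample in (("minimal", MINIMAL), ("bloated", BLOATED)):
        print(label, audit(sample))
```

Run against a file copied out of the image during the build, an empty result means the passwd file reveals no more than the four service accounts.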