Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added support for macOS, additional IP formats, and to drop privileges #47

Open
wants to merge 3 commits into
base: master
Choose a base branch
from

Conversation

acjordan2
Copy link

Changes Submitted:

  • [Security] Application will drop privileges by default if running as the root account.

    • By default the user is nobody but this can be configured via the -dropToUsername <username> argument or disabled via the -dontDropPrivileges.
  • [Bug Fix] Application now compiles and runs on macOS.

    • The TProxy syscall does not appear to have an equivalent on macOS. Moving this feature to its own platform specific file, singularity_linux.go, allows singularity to be compiled and run on macOS.
  • [Feature] Added support for base 10 encoded IP addresses.

    • I ran into a case where I had an SSRF that was also vulnerable to DNS rebinding, however, exploitation limited the amount of subdomains I was able to use. I was able to get around this by patching singularity to also allow base 10 encoded IP address. The original functionality is unchanged. e.g: s-8.8.8.8-127.0.0.1-1-fs-e.dynamic.example.com becomes s-134744072-2130706433-1-fs-e.dynamic.example.com

@sanktjodel
Copy link
Collaborator

Thank you for your contribution. We will consider merging each feature individually in future improvements.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants