-
User namespace and kernel capability
A lot of kernel reachable code is only available from an already-privileged user. To restrict features for unprivileged user, the kernel generally uses capabilities. Ubuntu enabled unprivileged user namespace by default, which gives kernel exploit more attack surface. Nowadays most kernel modules are guarded by different capabilities, such as CAP_NET_ADMIN, CAP_NET_RAW. To trigger a vulnerability that…
-
二十四年
我会短暂地爱一个人,也能长久地爱一个人,但最终都会爱上别的人。逃跑大概是出于自我保护,不用承担责任总比承担了又让人失望来得好。即便爱情不是个好东西,我还是相信爱情的,我只是不相信自己。
-
Switch Dashlane to Bitwarden
I’ve been using Dashlane for years, it’s the best password management software I ever used, even when I made the decision that migrating all my passwords to Bitwarden, I still believe no other password management software can compete with Dashlane. So why did I abandon Dashlane anyway and embrace an ugly, incomplete, open-source password management…
-
一个女人和另一个女人
小树儿毕业后去了一家影楼,他作为摄影师助理承担着所有的苦力。他从小热爱艺术,摄影并不是他的第一追求,他画画,写诗,想做编剧,我还留着14岁他给我捏的的陶土。
-
哈瓦那的夜港
14年高二,喜欢隔壁班一个女生,一个晚自习,第一次给她写诗,让她喜欢得不得了。那是我第一次看见人类眼里的星芒。