Kyle Quest (the DockerSlim guy)
@kcqon.bsky.social
AI-native software security maintenance (AutonomousPlane) * CTO/Founded (Slim dot AI) * Created DockerSlim / SlimToolkit / MinToolkit * 50 Shades of Golang * Big & Small Data * Security * eBPF * Containers * Cloud Native
The seccomp profile breaks the exploits with network related calls, which is pretty nice. Not really a solution if the Lua script simply crashes the server. A nice & cheap mitigation is to either disable EVAL or rename it if you really need it. You can't exploit EVAL if it's no longer called EVAL 🙂
October 11, 2025 at 8:00 PM
The seccomp profile breaks the exploits with network related calls, which is pretty nice. Not really a solution if the Lua script simply crashes the server. A nice & cheap mitigation is to either disable EVAL or rename it if you really need it. You can't exploit EVAL if it's no longer called EVAL 🙂
A nice opportunity to explore Zig... Finally got a chance to learn a little bit about it :)
September 30, 2025 at 12:52 AM
A nice opportunity to explore Zig... Finally got a chance to learn a little bit about it :)