zlacker

[parent] [thread] 5 comments
1. jakels+(OP)[view] [source] 2025-12-17 21:50:24
I fixed it, apologies for the misinformation.
replies(2): >>Eduard+sb >>3np+Kg
2. Eduard+sb[view] [source] 2025-12-17 22:57:18
>>jakels+(OP)
I still see Puppeteer mentioned several times in your post and don't understand what that has to do with Umami, nextjs, and/or CVE-2025-66478.
3. 3np+Kg[view] [source] 2025-12-17 23:32:32
>>jakels+(OP)
It still says:

> IT NEVER ESCAPED.

You haven't confirmed this (at least from the contents of the article). You did some reasonable spot checks and confirmed/corrected your understanding of the setup. I'd agree that it looks likely that it did not escape or gain persistence on your host but in no way have you actually verified this. If it were me I'd still wipe the host and set up everything from scratch again[0].

Also your part about the container user not being root is still misinformed and/or misleading. The user inside the container, the container runtime user, and whether container is privileged are three different things that are being talked about as one.

Also, see my comment on firewall: >>46306974

[0]: Not necessarily drop-everything-you-do urgently but next time you get some downtime to do it calmly. Recovering like this is a good excercise anyway to make sure you can if you get a more critical situation in the future where you really need to. It will also be less time and work vs actually confirming that the host is uncontaminated.

replies(1): >>jakels+pi
◧◩
4. jakels+pi[view] [source] [discussion] 2025-12-17 23:43:43
>>3np+Kg
I did see your comment on Firewall, and you're right about the escape. It seems safe enough for now. Between the hacking and accidentally hitting the front page of HN it's been a long day.

I'm going to sit down and rewrite the article and take a further look at the container tomorrow.

replies(2): >>3np+gm >>microt+F31
◧◩◪
5. 3np+gm[view] [source] [discussion] 2025-12-18 00:13:25
>>jakels+pi
Hey, thanks for taking the time to share your learnings and engage. I'm sure there are HN readers out there who will be better off for it alongside you!

(And good to hear you're leaving the LLMs out of the writing next time <3)

◧◩◪
6. microt+F31[view] [source] [discussion] 2025-12-18 08:13:42
>>jakels+pi
Before rewriting the article, roll out a new server. Seriously. It seems you do not have the skills yet to do a proper audit. It’s better to roll out a pristine server. If that is a lot of work, it is a good moment to learn about declarative system configuration.

At any rate, this happening to you sucks! Hugs from a fellow HN user, I know that things like this can suck up a lot of time and energy. It’s courageous to write about such an incident incident, I think it’s useful to a lot of other people too, kudos!

[go to top]