David Leadbeater
@legacydgl.bsky.social
Old account. Follow @dgl.cx.
Monitoring 📊, SRE, Open Source, Security 🔐. Emoji fan 🦸♂️. Just your average cynical Brit 🇬🇧 in 🇦🇺. He/him.
👨💻 → https://dgl.cx
Monitoring 📊, SRE, Open Source, Security 🔐. Emoji fan 🦸♂️. Just your average cynical Brit 🇬🇧 in 🇦🇺. He/him.
👨💻 → https://dgl.cx
I apparently don’t understand how Bluesky works, this account was @dgl.cx but I switched it to use @ap.brid.gy by changing the DNS records. However there doesn’t seem to be a Mastodon like way to migrate followers. So you might need to refollow this same handle @dgl.cx to get future updates.
December 6, 2025 at 9:16 PM
I apparently don’t understand how Bluesky works, this account was @dgl.cx but I switched it to use @ap.brid.gy by changing the DNS records. However there doesn’t seem to be a Mastodon like way to migrate followers. So you might need to refollow this same handle @dgl.cx to get future updates.
You have a bash command line of "exec program ..." and you control "..." can you make it do something different? What if it is somewhat sanitised for shell metacharacters? If you can inject $[+] it will make bash error on that line and run the next. This is how dgl.cx/2025/10/bash... works.
Bash a newline: Exploiting SSH via ProxyCommand, again (CVE-2025-61984)
dgl.cx
October 7, 2025 at 6:19 AM
You have a bash command line of "exec program ..." and you control "..." can you make it do something different? What if it is somewhat sanitised for shell metacharacters? If you can inject $[+] it will make bash error on that line and run the next. This is how dgl.cx/2025/10/bash... works.
I'll be speaking at BSides Canberra: cfp.bsidescbr.com.au/bsides-canbe... -- this will cover my recent find of an RCE in Git (dgl.cx/2025/07/git-...) and how that and some other vulnerabilities could be used against developers.
Developers, the weakest link in the supply chain? BSides Canberra 2025
Supply chain security is a topic which has been raised in profile in recent years through events such as the xz backdoor. In the open source world trust matters a lot. While trust is mostly gained thr...
cfp.bsidescbr.com.au
July 31, 2025 at 1:02 AM
I'll be speaking at BSides Canberra: cfp.bsidescbr.com.au/bsides-canbe... -- this will cover my recent find of an RCE in Git (dgl.cx/2025/07/git-...) and how that and some other vulnerabilities could be used against developers.
New blog post: Ghostty 1.0.0 terminal security; dgl.cx/2024/12/ghos... (CVE-2024-56803)
Déjà vu: Ghostly CVEs in my terminal title
dgl.cx
December 31, 2024 at 11:35 PM
New blog post: Ghostty 1.0.0 terminal security; dgl.cx/2024/12/ghos... (CVE-2024-56803)