Does protection from good and evil kill the host of an Intellect Devourer?

The description of the Intellect Devourer in the MM and SRD says

A protection from evil and good spell cast on the body drives the intellect devourer out. … By spending 5 feet of its movement, the intellect devourer can voluntarily leave the body, teleporting to the nearest unoccupied space within 5 feet of it. The body then dies, unless its brain is restored within 1 round.

Is a character functionally dead immediately upon losing a contest of Intelligence vs an Intellect Devourer? [barring a wish spell]. It seems rather draconian for a CR2 creature, if so. [Hell, even if not so, requiring one of those two specific spells seems rough even if one is a 1st level spell, that is assuming it even helps]

Does the host or guest own a Familiar cast via a possessing ghost?

Grundy the Grumpy Ghost a (formerly) chaotic evil 1st level wizard makes use of the nearby ritual spell Find Familiar carved in a stone wall. As a ghost he cannot cast such spells, so he takes control of three (3) different lawful and good hosts at different times. Through them he summons three ‘celestial’ familiars for: Anna the Adamant (‘A’), Barnie the Brave (‘B’), and, Cynthia the Cleric (‘C’). There are plenty of material components nearby and somehow they all suck at saving throws.

He casts this spell from each host. After the first three casts, ‘A’ dies and is brought back via miraculous magicks (revivification, raised, resurrected &/or reincarnated probably cast by C, who is a cleric) – so G re-possesses and recasts Find Familiar on ‘A’ again. B’s familiar is slain, so G re-possesses and re-casts with that host, ‘B’, as well. C, not trusting G in the least, has her familiar magically Banished – so G re-possesses and re-casts Find Familiar with ‘C’ as well.


Question: Who Gets A Familiar Through A Host-Ghost?


  1. The caster gets it, and the caster is obviously the spirit or ghost. As such ALL of the summoned familiars are just the same poor celestial familiar returning-respawning each and every time. Each casting simply re-summons the same tired spirit over and over again.

  2. A ghost leaving the body no longer has claim to any familiar. As each ‘host’ comes complete with a body and soul – the celestial familiar must bond with the original body-soul combo, the one that did the physical ritual (with the physical material components). The physical aspects and components of the spell determine which physically living body the familiar binds to.

  3. When any ghost or spirit leaves a body, it is similar to a ‘death’ of sorts. The fact that there is still a spirit in there (the spirit of the original host-body) doesn’t matter – any claim or bond is LOST in the process of the ghost’s leaving the host-home. The familiar WAS bound to the ghost (with a living body) upon casting, sure – but when the ghost leaves the celestial-familiar is as FREE to do whatever it wants.

  4. Assume the familiar bonds with Target A. When ‘A’ dies, the familiar is just fine and a FREE agent. Resurrecting ‘A’ does NOT restore the familiar bond (‘not in spell description’)! On recasting the spell must find a brand-new familiar for A. A and the original A-familiar will recognize one another but never be bound ever again (short of a ‘Wish’ spell). Contrast this with ‘B’ when the B-familiar dies (or is slain) – the returning ghost-spirit is effectively an entirely new casting. A ‘new’, original and entirely different celestial familiar may show up, pending where the old one is now bound.

  5. Banishing a familiar logically breaks bonds! C may get an entirely new celestial familiar – or perhaps the original (now bitter & upset) C-familiar.

  6. Familiars are sentient spirits and independent creatures and therefore have choice and freewill. When effectively summoned by a combo ghost-host team, the familiar gets to CHOOSE who they want to serve. A celestial would therefore pick the hosts (‘lawful good’) and not the ghost (‘who is bad’). Or they may simply choose to be free. Or perhaps choose to ‘die’ and return to their plane of existence.

  7. The caster gets to choose the alignment of the familiar. As such, these familiars are all ‘celestial’ yet chaotic evil. Thus they would try to bond with or choose the ghost-caster. But since the caster has cast this through three different hosts, there are three different familiars all bound to the same ghost.


The above ‘rulings’ painfully contradict one another and do not qualify as ‘answers’. I must be wrong on many levels and would like to know what is really going on with the Find Familiar spell and G’s ritual casting six times on three hosts (A, B & C respectively).


Repeat of Question: A ghost possesses a number of persons and casts the ritual spell Find Familiar through them. To whom do the newly minted familiar(s?) ‘bond’ to &/or stay with – or not?

Thank you in advance.

WP_List_Table $current_url points to my actual host rather than the reverse proxy host

I am a novice on the wordpress framework and I am currently using wordpress behind a reverse proxy. Like follows.

Reverse Proxy Domain = https://example.com
My actual Domain = https://example-herokuapp.com

Issue :

  • In wp-admin dashboard when i try to filter posts like orderby date or comments etc in the admin panel. I get a 404 page.
  • Thats because the links are pointing to my actual host ie https://example-herokuapp.com rather than my reverse proxy which is https://example.com

Reason :

  • This seems to be because of the $ current_url attribute wp_list_table which is called from wp-admin/edit.php

  • The current url is defined as follows

    $  current_url = set_url_scheme( 'http://' . $  _SERVER['HTTP_HOST'] . $  _SERVER['REQUEST_URI'] );
  • I came across a very old bug/issue from wordpress https://core.trac.wordpress.org/ticket/16858 , which seems to address this very same problem.

  • It essentially uses a self_admin_url to overcome this issue.

  • The above mentioned patch (https://core.trac.wordpress.org/attachment/ticket/16858/16858.patch) is not available on 5.5.3 (LTS).However the self_admin_url method is available under wp-admin/includes.

Question :

  • How do i change this $ current_url to use self_admin_url().? Should i override $ _Server[‘HTTP_HOST’] in wp-config ? or what is the best practise to change things like this .

  • Or is there a better way to ensure my admin links point to my proxy host rather than my actual host ?

Thanks in advance.

Is it poor practice to host multiple web applications on the same domain, in terms of cookies?

In my web application, I have a single API backend and two frontends written as single page applications. To simplify deployment, I’d like to serve the API on /api, the admin dashboard on /admin, and the end user frontend on /user (or something similar), all on the same domain.

I want to use cookies for handling sessions, for both the end-user and admin apps. Is this a good idea? As I understand it, cookie usage is restricted by their domain. Would it make it simpler for an attacker to steal admin-session cookies from someone logged into both frontends? Or, should I use different domains for the admin and user frontends (admin.mydomain.com and user.mydomain.com)?

/wp-admin not accessible after migrating to local host (no plugin issue)

I migrated my local WordPress site to my WPEngine account and it’s been working without any problem!

After adding some content, I decided to export the database from the live version and import it to my local version so that they are synced. I adjusted the two siteurl and home fields in the database and the home page (https://localhost:8888) comes up well but the /wp-admin page is forced to https and responds with ERR_SSL_PROTOCOL_ERROR error.

All the other pages of the website cannot be loaded and return this error: Not Found The requested URL /news was not found on this server.

It seems like a "permalinks" reset problem for inner pages!

All these problems would go away if I switch the database back to the one I was using for local version so I’m pretty sure it’s a database issue!

Thanks

Does Nmap use only one of the DNS servers specified in the –dns-server flag per host?

When I’m scanning with Nmap, I make an effort to get proper hostnames associated with the target IPs. To do this, I scan UDP 53 on the targets to identify DNS servers and then run something like the following for each identified DNS server:

nmap -sL -v4 --dns-servers DNSSERVER TARGETS 

I have to review the results for each tested DNS server to see how many of the targets it can resolve, and also determine if the resolved targets differ.

The docs seem to imply that if you specify multiple servers in the --dns-servers flag, that it will choose one at random (or round robin). This interpretation comes from the "is often faster" part.

The problem I have is that my scan targets may not all be supported by the same DNS server. In my case, I’d rather specify all identified DNS servers in --dns-servers and have it fail over until it finds one that returns a response. If only one of the specified servers is used, to get accurate results I would need to perform multiple scans, each with a single DNS server specified.

My question is, is it true that the --dns-server flag will use only one of the specified DNS servers, and not try them all?

Is it possible to run commands that exist only on the host on a docker container?

We would like to harden our Docker Image and remove redundant software from it. Our Devs and Ops asked to keep some Linux tools used for debugging on the containers running on our Kubernetes Prod environment.

I’ve read this post: https://www.digitalocean.com/community/tutorials/how-to-inspect-kubernetes-networking

And it made me wonder, is it possible to run commands that exist only on the host, on a container (which those commands have been removed from)?

If so is there a difference between commands that have been removed from the container than ones that the user don’t have permissions to run?

P.S. How do the tools in the above mentioned post work?

Thanks for the help! 🙂

Host filesystem manipulation from docker vs. virtual machine

When reading about docker, I found a part of the documentation describing the attack surface of the docker daemon. From what I was able to understand, part of the argument is that it is possible to share (basically arbitrary) parts of the host filesystem with the container, which can then be manipulated by a privileged user in the container. This seems to be used as an argument against granting unprivileged users direct access to the docker daemon (see also this Security SE answer).

Would the same be possible from a virtual machine, e.g. in VirtualBox, which on the host is run as an unprivileged user?

A quick test where I was trying to read /etc/sudoers on a Linux Host from a Linux guest running in VirtualBox did produce a permission error, but I would not consider myself an expert in that regard in any way nor was the testing very exhaustive.