Comment by jacquesm

4 days ago

There are minimum standards for deployment to the open web. I think - and you're of course entirely free to have a different opinion - that those are not met with this code.

Yes, I have lots of opinions!

I guess the question at spotlight is: At what point would your custom server's buffer overflow when reading a header matter and would that bug even exist at that point?

Could a determined hacker get to your server without even knowing what weird software you cooked up and how to exploit your binary?

We have a lot of success stories born from bad code. I mean look at Micro$oft.

Look at all the big players like Discord leaking user credentials. Why would you still call out the little fish?

Maybe I should create a form for all these ahah.

  • > Could a determined hacker get to your server without even knowing what weird software you cooked up and how to exploit your binary?

    Yes.