delirium happy

Just keep on trying till you run out of cake

there's a hole in my lj, dear liza, dear liza...
Holy cow. I just found a security bug in LJ. It's not major but it's still fairly bad. And no, I'm not going to say what it is, for mind-numbingly obvious reasons. Still, I'm somewhat surprised that it existed, and even more surprised that I found it. Eek.

(Yes, I have reported it to appropriate people)

Why? Given the size of the codebase, I would be amazed if there weren't lots more.

It's very easy to make a security bug without even noticing, just at the design stage. And then there's coding, where you can introduce lots of lovely bugs. For instance - until I tracked it down, every time I submitted a post in Adversaria, it gave me root permissions. It never even *sets* root permissions, but it still exited with them... :-)


Suddenly you're left wondering just how secure those locked posts are ...

