Comment by nurettin

Comment by nurettin 4 days ago

7 replies

View on Hacker News

Yes, I have lots of opinions!

I guess the question at spotlight is: At what point would your custom server's buffer overflow when reading a header matter and would that bug even exist at that point?

Could a determined hacker get to your server without even knowing what weird software you cooked up and how to exploit your binary?

We have a lot of success stories born from bad code. I mean look at Micro$oft.

Look at all the big players like discord leaking user credentials. Why would you still call out the little fish?

Maybe I should create a form for all these ahah.

frumplestlatz 3 days ago

> Could a determined hacker get to your server without even knowing what weird software you cooked up and how to exploit your binary?

Yes.

Reply View 6 replies
  • nurettin 3 days ago

    Yes but how? After the overflow they still have to know the address of the next call site and the server would be in a UB state.

    Reply View 5 replies
    • frumplestlatz 2 days ago

      UB state doesn’t mean totally uncontrollable or opaque.

      There are lots of ways the server could leak information about its internal state, and exploits have absolutely been implemented in the past based only on what was visible remotely.

      Reply View 0 replies
    • jacquesm 3 days ago

      The code is on github. Figure out a way to get a shell through that code and you're hosed if someone recognizes it in active use.

      Reply View 3 replies
      • nurettin 2 days ago

        I mean tha hacker won't know what software is running on the server, unless the server announces itself which can be traced to the repo, but then, why ?? Who cares about this guy's vps? This whole thread makes no sense to me and I'm the only one questioning.

        Reply View 2 replies