HackerTrans
TopNewTrendsCommentsPastAskShowJobs

dnet

no profile record

Submissions

Unauthenticated RCE as Qsecofr via IBM i Management Central

blog.silentsignal.eu
2 points·by dnet·上個月·0 comments

comments

dnet
·4 個月前·discuss
In newer versions, it's disabled by default and you have to do something like this to enable in ~/.ssh/config:

    Host *
    EnableEscapeCommandline yes
dnet
·7 個月前·discuss
See https://doctorow.medium.com/como-is-infosec-307f87004563

> This is the same failure mode of all security-through-obscurity. Secrecy means that bad guys are privy to defects in systems, while the people who those systems are supposed to defend are in the dark, and can have their defenses weaponized against them.
dnet
·10 個月前·discuss
I assume the scanner is a separate library/service that receives the contents and returns a boolean safe/malicious result, and the implementation using MD5 to avoid expensive re-scans is an internal detail hidden from the caller.
dnet
·11 個月前·discuss
While the default is indeed to lock the entire database, it has been an option for 15 years to avoid this: https://www.sqlite.org/wal.html