Hacker News new | past | comments | ask | show | jobs | submit login

This seems to be a recurring topic: If you're writing an application, why bother hardcoding a path to a git version with a known RCE? You're already running on the machine.

Hell, if you want to hide your fault, bundle a random tool or lib that you know have an issue and exploit that. It'll be much more stable than relying on a local binary.




*If you're writing an EVIL application, that is.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: