Hacker News new | ask | show | jobs
by JStanton617 1922 days ago
Yes. The code you're running is described as having "random sleeps added to “fix” race conditions, validation functions that just returned true, catastrophic cryptographic vulnerabilities, whole parts of the protocol unimplemented, kernel panics, security bypasses, overflows, random printf statements deep in crypto code, the most spectacular buffer overflows"

This is a kernel RCE just waiting to happen.
2 comments
Godel_unicode 1922 days ago
Anyone who wants to be able to throw some crypto CVEs on their resume could do worse than spending some quality time with this code.
link
api 1922 days ago
> random sleeps added to “fix” race conditions

That's just horrifying. It shows someone who knows next to nothing about multithreaded code and is kludging their way through. Not someone you want within a hundred feet of anything other than maybe front-end web, and even there they're going to be the kind of person who blocks the node.js event loop (because async coding is like the junior cousin of multithreading).

link