by antocv 4287 days ago
> or call system() to gzip something

Are you serious, who the hell does that!?

Any half-assed language has a zip implementation, use that. Any non-boring language has image-magick binding to that library.

This bug affects complete idiots.

1 comments

> This bug affects complete idiots

Consider how many people touch an enterprise system, or even a system at a smaller shop. Consider how many people touch shared hosting servers or even dedicated boxes.

Do /you/ trust all of them, along with all the authors of all the software exposed to the web (or touched by something exposed to the web) on that system?

On shared hosting systems, you have to design the system with the assumption that someone is always compromised. So, additional accounts getting compromised should just be business as usual.

Seriously, if you're on shared hosting, it's almost certain that at least one person on the server is compromised/malicious.