Conversation

Notices

1. Embed this notice
   Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Wednesday, 07-Feb-2024 02:52:32 JST Haelwenn /элвэн/ :triskell:

   • Sexy Moon
   • kaia
   • :suya:
   @newt @kaia @Moon I think their worst one is getting a vulnerability in strings(1).
   
   https://lcamtuf.blogspot.com/2014/10/psa-dont-run-strings-on-untrusted-files.html
   
   So basically "PSA: Don't use GNU software on untrusted files".
   • Embed this notice
     Sexy Moon (moon@shitposter.club)'s status on Wednesday, 07-Feb-2024 02:53:10 JST Sexy Moon

     in reply to

     • kaia
     • :suya:
     @lanodan @kaia @newt
     
     $ strings untrusted_binary | sh
     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Wednesday, 07-Feb-2024 02:55:14 JST Haelwenn /элвэн/ :triskell:

     in reply to

     • Sexy Moon
     • kaia
     • :suya:

     @Moon @kaia @newt Well with that vuln you probably don't even need the | sh, which would be a pebkac.

   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Wednesday, 07-Feb-2024 03:14:04 JST Haelwenn /элвэн/ :triskell:

     in reply to

     • Sexy Moon
     • kaia
     • :suya:
     • Johnny Peligro
     @mischievoustomato @kaia @Moon @newt Well for once, the busybox implementation is the superior one: https://git.busybox.net/busybox/tree/miscutils/strings.c
     
     But well it's a trivial program.
   • Embed this notice
     Johnny Peligro (mischievoustomato@rebased.taihou.website)'s status on Wednesday, 07-Feb-2024 03:14:05 JST Johnny Peligro

     in reply to

     • Sexy Moon
     • kaia
     • :suya:
     are you kidding me
     what are you supposed to do the lmao