Hacker Newsnew | comments | show | ask | jobs | submit login

"Massive security hole" needs to be added to that list of problems :)



Done:

http://github.com/tenderlove/neversaydie/commit/b686cf5ebc08...

-----


On the other hand, it's easy to audit for: "links to NeverSayDie: failure."

-----


Why is that a security hole? I suppose it might make it harder to detect an existing one, but it doesn't add a security hole in it's own right.

-----


According to POSIX, after a SIGSEGV, the state of the program is undefined. This is the reason that a SIGSEGV usually causes an immediate abort. Allowing a program to execute when its state is undefined is a huge security hole.

-----




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: