Not discrediting Open Source Software, but nothing is 100% safe.

  • Dr. JenkemA
    link
    fedilink
    English
    arrow-up
    13
    ·
    1 year ago

    See the first bullet point. I was referring to any code that is distributed.

    Yeah, there’s no way to really audit code running on a remote server with the exception of fuzzing. Hell, even FOSS can’t be properly audited on a remote server because you kind of have to trust that they’re running the version of the source code they say they are.

    • EuphoricPenguin@normalcity.life
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      You can always brute force the SSH login and take a look around yourself. If you leave an apology.txt file in /home, I’m sure the admin won’t mind.

      • Dr. JenkemA
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Lol, unlikely SSH is exposed to the net. You’ll probably need an RCE in the service to pop a shell.

        • EuphoricPenguin@normalcity.life
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 year ago

          That’s not universally true, at least if you’re not on the same LAN. For example, most small-scale apps hosted on VPSs are typically configured with a public-facing SSH login.