Not discrediting Open Source Software, but nothing is 100% safe.

  • Dr. Jenkem
    link
    fedilink
    English
    131 year ago

    See the first bullet point. I was referring to any code that is distributed.

    Yeah, there’s no way to really audit code running on a remote server with the exception of fuzzing. Hell, even FOSS can’t be properly audited on a remote server because you kind of have to trust that they’re running the version of the source code they say they are.

    • EuphoricPenguin
      link
      fedilink
      English
      11 year ago

      You can always brute force the SSH login and take a look around yourself. If you leave an apology.txt file in /home, I’m sure the admin won’t mind.

      • Dr. Jenkem
        link
        fedilink
        English
        11 year ago

        Lol, unlikely SSH is exposed to the net. You’ll probably need an RCE in the service to pop a shell.

        • EuphoricPenguin
          link
          fedilink
          English
          1
          edit-2
          1 year ago

          That’s not universally true, at least if you’re not on the same LAN. For example, most small-scale apps hosted on VPSs are typically configured with a public-facing SSH login.