Blog Entries

No PIE for you!

You are a software vendor. You distribute software on multiple operating systems. Let’s say your software is a mildly popular internet browser. Let’s say its logo represents an animal and a globe. Now, because you care about the security of your users, let’s say you would like the entire address space of your application to […]

2014-10-03 18:00:03+0100

p.d.o, p.m.o | 8 Comments »

So, hum, bash…

So, I guess you heard about the latest bash hole. What baffles me is that the following still is allowed: env echo='() { xterm;}’ bash -c “echo this is a test” Interesting replacements for “echo“, “xterm” and “echo this is a test” are left as an exercise to the reader. Update: Another thing that bugs […]

2014-09-25 09:43:14+0100

p.d.o, p.m.o | 8 Comments »