25 Oct '13, 6pm

Possible safety issues if you are not using the latest batch of cocaine

Update Your Gems: Security Vulnerability in Cocaine

jyurek, October 25, 2013
Tags: cocaine, open-source, security, ruby

We were recently informed of a security vulnerability in cocaine, our gem for running shell commands. There is lots of work done in cocaine in order to make sure that nasty things like someone passing in rm -rf / into a command won’t actually do anything to your systems. But Holger Just was able to point out a potentially exploitable vulnerability that would let you sneak in dangerous commands if you know how the command line was being built. The details of the problem are contained in CVE-2013-4457, but I can explain better here.

Interpolation

The way cocaine works is that it turns user-supplied inputs into shell-safe strings before interpolating them into your command. You give it a hash, and it replaces the keys in the string with the shell-safe values of thos...

Full article: http://robots.thoughtbot.com/post/65046812006/update-your...
