blog.mmalecki.com

Nodejitsu security vulnerabilities

Recently, I was looking at some of Nodejitsu's code, namely solenoid and forza, since I was planning to use forza in my pet project. My attention was drawn to a particular piece of code which had to deal with user permissions. Soon I realized that I should be able to leave my process running on the VM even after my application was stopped and execute my child processes with the same rights as all of the instrumentation. While investigating this particular bug, I noticed that some of their sensitive configuration files were readable to the world.

Burnout

Wikipedia defines burnout:

Burnout is a psychological term that refers to long-term exhaustion and diminished interest in work.

Using LD_PRELOAD

Recently I had a chance to play with LD_PRELOAD for a bit, due to our recent Huge Refactor (tm) at Nodejitsu. The LD_PRELOAD environment variable is a way of loading a library before any other libraries are loaded.

Hello, world!

This is your typical "Hello, world!" blog post.

whoami

I am a node.js and C developer, a DevOps engineer by trade. I write code, I talk to servers. I work at Nodejitsu.

I'm going to blog about things I love working on: architecture, code, JavaScript and C. Maybe more. Most likely more.
