Github compromised, or not?!

Posted Mar 5, 2012 17:27 UTC (Mon) by ajross (subscriber, #4563)
In reply to: Github compromised, or not?! by XTF
Parent article: Github compromised

Actually, if you want to pick on php, the register_globals() misfeature (now fixed) is a closer fit. Rails (apparently, under the default idiom "everyone uses") allowed an attacker to override fields in the model object via unexpected CGI parameters. PHP using the register_globals() gadget sucks the CGI parameters in as global variables.

Basically the same stupid mistake. It's a collision between convenience (representing query parameters as variables automatically without the need to explicitly parse/validate/declare/etc...) and safety (forgetting that the resulting variables are potentially from untrusted sources). Rails leans heavily on the DRY principle, and would be expected to be particularly susceptible to this kind of goof.
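The mistake the comment describes, as an added example that is not part of the original comment and not code from Rails or PHP: a toy model with no framework dependency, where the unchecked form copies every request key into the object (the Rails mass-assignment / register_globals pattern) and the hardened form copies only whitelisted keys and reports what it dropped. The `User` class, the `PERMITTED` list and the `REQUEST_PARAMS` hash are all constructed for this illustration.

```ruby
# Added example (not from the LWN comment, Rails, or PHP): a minimal stand-in
# for a model object showing the mass-assignment mistake and its fix.

class User
  attr_reader :name, :email, :admin

  # Keys a request is allowed to set. "admin" is deliberately absent.
  PERMITTED = %w[name email].freeze

  def initialize
    @name = nil
    @email = nil
    @admin = false
  end

  # Vulnerable form: every key in the request hash becomes an attribute,
  # exactly like register_globals turning each CGI parameter into a variable.
  def assign_unchecked(params)
    params.each { |k, v| instance_variable_set("@#{k}", v) }
    self
  end

  # Hardened form: only whitelisted keys are copied in. Returns the list of
  # rejected keys so the caller can log them; unexpected keys are a useful
  # detection signal.
  def assign_permitted(params)
    rejected = []
    params.each do |k, v|
      if PERMITTED.include?(k.to_s)
        instance_variable_set("@#{k}", v)
      else
        rejected << k.to_s
      end
    end
    rejected
  end
end

# Constructed request parameters: what the signup form posts, plus one extra
# key the form never contained.
REQUEST_PARAMS = {
  "name"  => "alice",
  "email" => "alice@example.invalid",
  "admin" => true,
}.freeze

def unchecked_user
  User.new.assign_unchecked(REQUEST_PARAMS)
end

# Returns [user, rejected_keys]
def permitted_user
  u = User.new
  rejected = u.assign_permitted(REQUEST_PARAMS)
  [u, rejected]
end

if __FILE__ == $PROGRAM_NAME
  puts "unchecked: admin=#{unchecked_user.admin}"
  u, rejected = permitted_user
  puts "permitted: admin=#{u.admin}, rejected keys=#{rejected.inspect}"
end
```

The `rejected` list is the defender's hook: a request carrying keys the form never sent is worth logging, and in a real application the whitelist belongs in one place per model rather than in each controller action.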


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds