Chaining multiple low-impact bugs to arbitrary file read in GitLab
Around August 2018, I began to read the source code of GitLab and test it over and over. The time paid me back; during the first several months I found...
Brief It’s been a while since I last wrote something on this blog. I just posted something about several bugs I found several months ago in GitHub Pages...
Brief I started to write blogs (again) in early 2018. I had a blog built with obtvse, and added support for the mark-up syntax of Org mode (yes I’m an...
Before I continue
Why I’m writing this
Docker has been a major component of my daily work for several years. It brings advantages in isolation, replication and scalability to our services. I...
Deserializing untrusted data is usually dangerous and can lead to serious consequences like remote code execution. Remember not to deserialize user-input dat...