this post was submitted on 07 Jul 2023
1675 points (93.0% liked)
Memes
45734 readers
762 users here now
Rules:
- Be civil and nice.
- Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
How are you going to do that if it's software-as-a-service?
See the first bullet point. I was referring to any code that is distributed.
Yeah, there's no way to really audit code running on a remote server with the exception of fuzzing. Hell, even FOSS can't be properly audited on a remote server because you kind of have to trust that they're running the version of the source code they say they are.
Ohhh, code that is distributed. The implication of that word flew over my head lmao, thanks for the clarification.
You can always brute force the SSH login and take a look around yourself. If you leave an apology.txt file in /home, I'm sure the admin won't mind.
Lol, unlikely SSH is exposed to the net. You'll probably need an RCE in the service to pop a shell.
That's not universally true, at least if you're not on the same LAN. For example, most small-scale apps hosted on VPSs are typically configured with a public-facing SSH login.