
MongoBleed explained simply | MongoDB exploit

81 likes

Submitted 3 weeks ago by qaz@lemmy.world to technology@lemmy.world

https://bigdata.2minutestreaming.com/p/mongobleed-explained-simply

cross-posted from: lemmy.world/post/40839222

Simple example

source

Comments

  • bryndos@fedia.io 3 weeks ago

    If /dev/null is fast and web-scale, I will use it!

    source
    • qaz@lemmy.world 3 weeks ago

      You start it and it scales right up

      source
  • bigkahuna1986@lemmy.ml 3 weeks ago

    I want to thank this guy for dropping this on Christmas.

    Luckily my mongo ports are hidden from the Internet, as everyone else’s should be, so it will survive until Monday when I can upgrade.

    source
    • adespoton@lemmy.ca 3 weeks ago

      It is fixed as of writing, but some EOL versions (3.6, 4.0, 4.2) will not get it.

      You probably are already up to date.

      I know my MongoDB updated around the 17th.

      source
  • ranzispa@mander.xyz 3 weeks ago

    Hey Mongo, store this stuff; trust me it’s 1 MB. In case it turns out it is not, just give me 1 MB worth of your data.

    Thank you very much.

    source
    • Bakkoda@lemmy.world 3 weeks ago

      MongoDB: I’m gonna need all your memory.

      source
  • rothaine@lemmy.zip 2 weeks ago

    TLDR use calloc instead of malloc

    source
    • qaz@lemmy.world 2 weeks ago

      Doesn’t that make it slower because it needs to zero out all the bytes first?

      source
      • rothaine@lemmy.zip 2 weeks ago

        My understanding is that it’s only slightly slower: the OS maintains a pool of zeroed pages anyway, so it’s not like your program has to iterate over all the addresses and write to them.

        But it’s been a long time since I’ve done any C/C++ so I could be wrong.

        source
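
The two points made in the comments above, a sender-supplied length that the server trusts and the calloc-versus-malloc exchange, as an added example that is not from the linked article, this thread, or MongoDB's code. The request layout, `handle`, `stale_bytes` and the mode names are hypothetical, and what the malloc mode prints depends on the allocator in use.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy request constructed for this example, not MongoDB's wire format. */
struct request {
    size_t claimed_len;         /* length field chosen by the sender */
    const unsigned char *data;  /* bytes that actually arrived */
    size_t actual_len;
};
enum mode { TRUST_MALLOC, TRUST_CALLOC, SIZE_BY_WRITTEN };

/* Echo the payload into out; returns the reply length, 0 if rejected. */
size_t handle(const struct request *r, enum mode m, unsigned char *out, size_t cap)
{
    if (r->claimed_len == 0 || r->claimed_len > cap || r->actual_len > r->claimed_len)
        return 0;
    unsigned char *buf = (m == TRUST_CALLOC) ? calloc(1, r->claimed_len)
                                             : malloc(r->claimed_len);
    if (buf == NULL) return 0;
    memcpy(buf, r->data, r->actual_len);  /* only this prefix is initialised */
    /* Trusting modes size the reply by the claim; the fix uses bytes written. */
    size_t n = (m == SIZE_BY_WRITTEN) ? r->actual_len : r->claimed_len;
    memcpy(out, buf, n);
    free(buf);
    return n;
}

/* Non-zero bytes in out[from, to): data the sender never supplied. */
size_t stale_bytes(const unsigned char *out, size_t from, size_t to)
{
    size_t count = 0;
    for (size_t i = from; i < to; i++) count += (out[i] != 0);
    return count;
}

int main(void)
{
    unsigned char out[64];
    volatile char *secret = malloc(64);  /* earlier allocation holding a "secret" */
    for (int i = 0; secret && i < 64; i++) secret[i] = 'S';
    free((void *)secret);                /* chunk goes back to the allocator unwiped */
    struct request r = { 64, (const unsigned char *)"ping", 4 };
    for (int m = TRUST_MALLOC; m <= SIZE_BY_WRITTEN; m++) {
        size_t n = handle(&r, (enum mode)m, out, sizeof out);
        printf("mode=%d reply=%zu stale=%zu\n", m, n, stale_bytes(out, 4, n));
    }
    return 0;
}
```

Zeroing the buffer removes the stale bytes but still returns padding the sender never wrote; sizing the reply by the bytes actually written removes the over-read itself.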
  • clot27@lemmy.zip 3 weeks ago

    Oh shit

    source