Security on vnykmshr

Bug 1465

Fri, 27 Mar 2026 00:00:00 +0000

Three bugs walk into a triage queue.

A stack overflow. Symlink loop in tarball parsing, unbounded recursion, process crashes. Build a PoC, trace the call chain, write the report.

“Duplicate of #1465”

Memory exhaustion. String replace in an expression engine, exponential allocation, no cost limit. Different repo, different CWE, different everything. PoC, trace, report.

“Duplicate of #1465”

SQL injection. Template parameter escaping that wraps but doesn’t escape. Different repo again. PoC, trace, report.

The dismissal

Fri, 27 Mar 2026 00:00:00 +0000

A validation layer that checks 3 of 4 fields is worse than one that checks none.

Zero checks, the developer tests everything. Three checks, they assume the fourth is covered. That gap – between nothing and almost everything – is where the actual damage hides.

I keep running into this. Filed a security report recently – clear bug, one-line fix, obvious PoC. Response: “not applicable.” The code did exactly what I said it did. But the team’s threat model said “caller is trusted,” and three other fields had validation, so the missing one looked intentional. It wasn’t. It was just the one nobody got to.

Trust boundaries

Fri, 20 Mar 2026 00:00:00 +0000

I use coding agents on my own private repos every day. Security research, side projects, things I wouldn’t put on a public GitHub. Not something I’d do blindly with work source code though.

So when someone turns off WiFi to prove the agent needs a network connection, I get it. But that’s the architecture. It’s on the pricing page. The agent works on your local files, the reasoning runs on a remote model. Both true, neither a secret.

The personal agent trap

Sat, 28 Feb 2026 00:00:00 +0000

Spent a week going through the personal agent ecosystem – OpenClaw, ZeroClaw, PicoClaw, the whole *Claw family. Channel testing, security audit, the whole thing.

If you want a personal assistant that messages you reminders, triages your inbox, schedules things, posts updates – these frameworks are actually good at that. OpenClaw connects to 50+ channels out of the box, the setup is real, it works. For that, a $7 VPS and an afternoon gets you something useful.

Reading code

Fri, 27 Feb 2026 00:00:00 +0000

Scanners find what’s syntactically wrong. The interesting issues live in assumptions – and assumptions don’t have signatures.

Not scanning, not fuzzing. Just reading code the way you’d read it if you were about to own it in production. Entry points, data flows, where input meets trust.

Missing headers, outdated dependencies – that’s the baseline, scanners handle it fine. The interesting issues live a layer deeper. A path that’s protected in one subsystem but wide open in another. A parse-time operation that nobody thought to bound. Code that was correct when it was written but the system grew around it.

Primary PII

Tue, 05 Nov 2024 00:00:00 +0000

A regulation arrives. Or an auditor. Or a new market with stricter rules. PII is a thing the application was always sloppy about, and now it is a thing the application has to be careful with. This is how PII externalization begins: as someone else’s deadline, landing on the engineering team as an initiative.

The work looks like encryption at first. It is not.

Identify

The first question is not how to encrypt. The first question is what to encrypt.