Full Disclosure mailing list archives
Re: Administrivia: Binary Executables w/o Source
From: "Anthony Saffer" <anthony () safferconsulting com>
Date: Mon, 18 Aug 2003 18:11:14 -0700
I belong to a few security groups that develop "fixer" patches for various vunerabilities that hit the net. In those groups, because running a black box binary is so dangerous, we only are allowed to post patch source. Most people can get their hands on a free compiler and we provide explicit instructions on how to compile the patches. It works very well and we don't have to worry about people sending binaries... Just My $0.02... Anthony Saffer SCS Consulting Services www.safferconsulting.com ----- Original Message ----- From: Drew Copley <dcopley () eeye com> To: <full-disclosure () lists netsys com> Sent: Monday, August 18, 2003 3:26 PM Subject: RE: [Full-disclosure] Administrivia: Binary Executables w/o Source
If anybody is stupid enough to run a binary file from here they deserve any negative consequences which may result from that. Okay, I know other people are thinking that because it is just so true. This said, someone sent a copy of this lastest fixer msblast variant. I appreciated that. But, proper netiquette says to not send binaries nor pictures to internet lists (newsgroups or mailing lists). It is best to send by url, such urls are very valuable. (Personally, I have never cared about binaries nor pictures being sent as long as their size were small... It is just html email which I hate.) Just some food for thought from a contrary viewpoint.-----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of S . f . Stover Sent: Monday, August 18, 2003 9:06 AM To: Len Rose Cc: Raj Mathur; full-disclosure () lists netsys com Subject: Re: [Full-disclosure] Administrivia: Binary Executables w/o Source On 18 Aug 03 03:40:34PM Len Rose[len () netsys com] wrote: : My message was not about the size ofd : the file but rather about the sheer useless re-transmission : of a binary (any executable) that no one in their right mind : would actually run which is why I suggested that source code : should be included next time. Would that really matter though? I mean, how would I know that the binary included came from the attached source? Plus, I do have quarantined machines I blow away and rebuild regularly that I don't mind putting unknown binaries on from time to time. Any my mileage definitely does vary ;-) Just my 0.02. I figure there's no list like FD for unknown binaries... -- attica () stackheap org GPG Key ID: 0xF8F859D0 http://pgp.mit.edu:11371/pks/lookup?search=0xF8F859D0&op=index"There is no such thing as right and wrong, there's just popular opinion." -Jeffrey Goines _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Administrivia: Binary Executables w/o Source Len Rose (Aug 18)
- Re: Administrivia: Binary Executables w/o Source Raj Mathur (Aug 18)
- Re: Administrivia: Binary Executables w/o Source Len Rose (Aug 18)
- Re: Administrivia: Binary Executables w/o Source S . f . Stover (Aug 18)
- RE: Administrivia: Binary Executables w/o Source Drew Copley (Aug 18)
- RE: Administrivia: Binary Executables w/o Source Person (Aug 18)
- RE: Administrivia: Binary Executables w/o Source Drew Copley (Aug 18)
- Re: Administrivia: Binary Executables w/o Source Andreas Gietl (Aug 18)
- RE: Administrivia: Binary Executables w/o Source Drew Copley (Aug 18)
- Re: Administrivia: Binary Executables w/o Source Andreas Gietl (Aug 19)
- Re: Administrivia: Binary Executables w/o Source Len Rose (Aug 18)
- Re: Administrivia: Binary Executables w/o Source Raj Mathur (Aug 18)
- Re: Administrivia: Binary Executables w/o Source Anthony Saffer (Aug 18)
- Re: Administrivia: Binary Executables w/o Source Stephen Clowater (Aug 19)
- Re: Administrivia: Binary Executables w/o Source Valdis . Kletnieks (Aug 19)
- <Possible follow-ups>
- Fwd: Re: Administrivia: Binary Executables w/o Source Stephen Clowater (Aug 18)
- Re: Fwd: Re: Administrivia: Binary Executables w/o Source Jim Race (Aug 18)
- Re: Fwd: Re: Administrivia: Binary Executables w/o Source Valdis . Kletnieks (Aug 18)
- Re: Fwd: Re: Administrivia: Binary Executables w/o Source Russell Fulton (Aug 18)
- Re: Fwd: Re: Administrivia: Binary Executables w/o Source Ron DuFresne (Aug 18)
- RE: Fwd: Re: Administrivia: Binary Executables w/o Source Steve Wray (Aug 19)
- RE: [inbox] Re: Fwd: Re: Administrivia: Binary Executables w/o Source Curt Purdy (Aug 19)