Full Disclosure mailing list archives
Re: Security Bug in MSVC
From: "Morning Wood" <se_cur_ity () hotmail com>
Date: Thu, 19 Jan 2006 16:09:00 -0800
What's the point of building a bunch of sources unless 1. you trust their author, or 2. you have made sure their is nothing malicious there? When you build an executable from untrusted sources, you get an untrusted executable. Either you run it and you're screwed anyway, or you don't run it and you wasted your time building it.
again... this does not exploit the source code. it does exploit the build files. if i was simply compiling badprog.c then launching it, that would be stupid. i am leveraging the project files, not the source code. MW _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Re: Security Bug in MSVC, (continued)
- Re: Re: Security Bug in MSVC bkfsec (Jan 18)
- Re: Re: Security Bug in MSVC Dave Korn (Jan 19)
- Re: Security Bug in MSVC Joachim Schipper (Jan 18)
- Re: Security Bug in MSVC Morning Wood (Jan 18)
- Re: Security Bug in MSVC Pavel Kankovsky (Jan 19)
- Re: Security Bug in MSVC redsand (Jan 19)
- Re: Security Bug in MSVC Stan Bubrouski (Jan 19)
- Re: Security Bug in MSVC ad () heapoverflow com (Jan 19)
- Re: Security Bug in MSVC redsand (Jan 19)
- Re: Security Bug in MSVC ad () heapoverflow com (Jan 19)
- Re: Security Bug in MSVC redsand (Jan 19)
- Re: Security Bug in MSVC Morning Wood (Jan 19)