Vulnerability Development mailing list archives
Re: reverse engineer c or java
From: cerebus () SACKHEADS ORG (Miller, Timothy)
Date: Sun, 21 May 2000 12:34:40 -0500
Bluefish <11a () GMX NET> writes:
Anyway; given access to files, it is easier to create backdoored variants if the source code is open, or you use java (seems to be close to the same thing ;) But to rely upon C with none-open sourcecode is not the solution, because it simply makes it harder, it doesn't stop an inventive attacker with good programming knowledge.
Exactly so; I've seen more than enough binary patches in my time to scare the bejeezus out of anyone. However, with open access to the source, one can easily perform a code-walk and a compile verification against distributed binaries. The login/gcc backdoor aside, this provides a much greater degree of assurance.
Current thread:
- Re: reverse engineer c or java AnorEXia (May 20)
- Re: reverse engineer c or java Jacek Lipkowski (May 21)
- Re: reverse engineer c or java Bluefish (May 22)
- Re: reverse engineer c or java Jeff Bachtel (May 23)
- Re: reverse engineer c or java Crispin Cowan (May 28)
- <Possible follow-ups>
- Re: reverse engineer c or java Miller, Timothy (May 21)
- Re: reverse engineer c or java Zoa_Chien (May 22)
- Re: reverse engineer c or java Michael Wojcik (May 22)
- Re: reverse engineer c or java Matt inAmsterdam (May 24)
- Re: reverse engineer c or java Matt inAmsterdam (May 25)
- Re: reverse engineer c or java Jacek Lipkowski (May 21)