Full Disclosure mailing list archives
Re: Security Bug in MSVC
From: "Pavel Kankovsky" <peak () argo troja mff cuni cz>
Date: Thu, 19 Jan 2006 21:14:32 +0100 (CET)
On Tue, 17 Jan 2006, Morning Wood wrote:
extract, and open hello.dsw click "batch build, build" or "rebuild all" code will execute ( calc.exe and notepad.exe used as an example )
What's the point of building a bunch of sources unless 1. you trust their author, or 2. you have made sure their is nothing malicious there? When you build an executable from untrusted sources, you get an untrusted executable. Either you run it and you're screwed anyway, or you don't run it and you wasted your time building it. (Indeed, there are some marginal cases like when you want to build an executable file intended to run on someone else's computer...) --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation." _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Security Bug in MSVC Morning Wood (Jan 17)
- Re: Security Bug in MSVC ad () heapoverflow com (Jan 17)
- Re: Security Bug in MSVC Stan Bubrouski (Jan 17)
- Re: Security Bug in MSVC Jason Coombs (Jan 17)
- Re: Security Bug in MSVC Dave Korn (Jan 18)
- Re: Re: Security Bug in MSVC Jason Coombs (Jan 18)
- Re: Re: Security Bug in MSVC bkfsec (Jan 18)
- Re: Re: Security Bug in MSVC Dave Korn (Jan 19)
- Re: Security Bug in MSVC Dave Korn (Jan 18)
- Re: Security Bug in MSVC ad () heapoverflow com (Jan 17)
- Re: Security Bug in MSVC Joachim Schipper (Jan 18)
- Re: Security Bug in MSVC Morning Wood (Jan 18)
- Re: Security Bug in MSVC Pavel Kankovsky (Jan 19)
- Re: Security Bug in MSVC redsand (Jan 19)
- Re: Security Bug in MSVC Stan Bubrouski (Jan 19)
- Re: Security Bug in MSVC ad () heapoverflow com (Jan 19)
- Re: Security Bug in MSVC redsand (Jan 19)
- Re: Security Bug in MSVC ad () heapoverflow com (Jan 19)
- Re: Security Bug in MSVC redsand (Jan 19)
- <Possible follow-ups>
- Re: Security Bug in MSVC Otter E (Jan 19)