Full Disclosure mailing list archives

Re: Security Bug in MSVC

From: "ad () heapoverflow com" <ad () heapoverflow com>
Date: Thu, 19 Jan 2006 23:42:50 +0100



i think the author of this advisory is desperate for advisories or
attention.

either way he needs to open a disassembler and work on something
else.

Pavel Kankovsky wrote:

On Tue, 17 Jan 2006, Morning Wood wrote:

extract, and open hello.dsw click "batch build, build" or
"rebuild all" code will execute ( calc.exe and notepad.exe used
as an example )


What's the point of building a bunch of sources unless 1. you
trust their author, or 2. you have made sure their is nothing
malicious there?

When you build an executable from untrusted sources, you get an
untrusted executable. Either you run it and you're screwed
anyway, or you don't run it and you wasted your time building it.


(Indeed, there are some marginal cases like when you want to
build an executable file intended to run on someone else's
computer...)

--Pavel Kankovsky aka Peak  [ Boycott
Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open
your source code and prepare for assimilation."

_______________________________________________ Full-Disclosure -
We believe in it. Charter:
http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
sponsored by Secunia - http://secunia.com/


_______________________________________________ Full-Disclosure -
We believe in it. Charter:
http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
sponsored by Secunia - http://secunia.com/


7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
 
iQIVAwUBQ9AV6a+LRXunxpxfAQIl+A//XQq/5cyAlFC1SPGGqtQ0dG+S/NwGUzzv
Z7ztPO91djMBVqHq1sNKwpwGwvl9KDXANuxl+lSRpW4KaoXIfORFhbO+jFHkkENN
mcLVmLVuzDzO9a5RPCSb1NdIvPMSulJCV+4uoZyc45qG1Vw6qNugISnZm8R2CZk+
+V+VqB8cpl34JdL7tfPPn5Gcs4QRJiNcFfFsT0duG1p2EGuLzbvNqgqPcISSL+MZ
fNDrbRHk+PpkIz0Z1bxdAt9v/ijJ/c+vWASa0jO9tPtUEdsYfJYFC2LOUpw659rS
DAiMxxKPPt2tFR7n4PyIridzrYRNd9UrwbMsiTaD8aOIIZHmhac3+vfVbOv+zOEz
L2s8Sv5FanlsEI/zcK5DCSL6aRAVY98Uhq796qFrwAGkmCP1umfQGb/dFn+hmqd/
4WwA/Qzv9vBBRqKUssiASwock5s/Vpb9y9OdPjkcN1QYVOm1RxPaA8uFKRfZ34v1
sFGzefTOo4xYFuuPuXB+Uz2/yDhvrPuqsiQdvtz7jQ56NxTQmxuLN2fy5Uh1Pc7L
1bnvW5FSFAboD95uaIfFvzu5oclQnXLJBgCjQCVjhXR1FUX/vOc+8ydcF5dUiLkk
+iOMKvOvyzgGwuXR8z6tTXkPpEtJkb4xSej/JFHHpcUwSK/teUlHE6eODczAZtop
S4l5HkauGb0=
=Yi5I
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Security Bug in MSVC, (continued)
- Re: Security Bug in MSVC Jason Coombs (Jan 17)
  - Re: Security Bug in MSVC Dave Korn (Jan 18)
    - Re: Re: Security Bug in MSVC Jason Coombs (Jan 18)
    - Re: Re: Security Bug in MSVC bkfsec (Jan 18)
    - Re: Re: Security Bug in MSVC Dave Korn (Jan 19)
- Re: Security Bug in MSVC Joachim Schipper (Jan 18)
  - Re: Security Bug in MSVC Morning Wood (Jan 18)
- Re: Security Bug in MSVC Pavel Kankovsky (Jan 19)
  - Re: Security Bug in MSVC redsand (Jan 19)
    - Re: Security Bug in MSVC Stan Bubrouski (Jan 19)
    - Re: Security Bug in MSVC ad () heapoverflow com (Jan 19)
    - Re: Security Bug in MSVC redsand (Jan 19)
    - Re: Security Bug in MSVC ad () heapoverflow com (Jan 19)
  - Re: Security Bug in MSVC Morning Wood (Jan 19)
- Re: Security Bug in MSVC Otter E (Jan 19)