Vulnerability Development mailing list archives

Re: reverse engineer c or java


From: cerebus () SACKHEADS ORG (Miller, Timothy)
Date: Sun, 21 May 2000 12:34:40 -0500


Bluefish <11a () GMX NET> writes:

> Anyway; given access to files, it is easier to create backdoored variants
> if the source code is open, or you use java (seems to be close to the same
> thing ;) But to rely upon C with non-open source code is not the solution,
> because it simply makes it harder, it doesn't stop an inventive attacker
> with good programming knowledge.

Exactly so; I've seen more than enough binary patches in my time to
scare the bejeezus out of anyone.

However, with open access to the source, one can easily perform a
code-walk and a compile verification against distributed binaries.
The login/gcc backdoor aside, this provides a much greater degree of
assurance.

