|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-disclosure] Security Bug in MSVC
From: redsand (redsand
redsand.net)
Date: Thu Jan 19 2006 - 14:35:21 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
i think the author of this advisory is desperate for advisories or
attention.
either way he needs to open a disassembler and work on something else.
Pavel Kankovsky wrote:
>On Tue, 17 Jan 2006, Morning Wood wrote:
>
>
>
>>extract, and open hello.dsw
>>click "batch build, build" or "rebuild all"
>>code will execute ( calc.exe and notepad.exe used as an example )
>>
>>
>
>What's the point of building a bunch of sources unless
>1. you trust their author, or
>2. you have made sure their is nothing malicious there?
>
>When you build an executable from untrusted sources, you get an untrusted
>executable. Either you run it and you're screwed anyway, or you don't run
>it and you wasted your time building it.
>
>(Indeed, there are some marginal cases like when you want to build an
>executable file intended to run on someone else's computer...)
>
>--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
>"Resistance is futile. Open your source code and prepare for assimilation."
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]