| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: anthony at safferconsulting.com (Anthony Saffer) Subject: Administrivia: Binary Executables w/o Source I belong to a few security groups that develop "fixer" patches for various vunerabilities that hit the net. In those groups, because running a black box binary is so dangerous, we only are allowed to post patch source. Most people can get their hands on a free compiler and we provide explicit instructions on how to compile the patches. It works very well and we don't have to worry about people sending binaries... Just My $0.02... Anthony Saffer SCS Consulting Services www.safferconsulting.com ----- Original Message ----- From: Drew Copley <dcopley@...e.com> To: <full-disclosure@...ts.netsys.com> Sent: Monday, August 18, 2003 3:26 PM Subject: RE: [Full-Disclosure] Administrivia: Binary Executables w/o Source > If anybody is stupid enough to run a binary file from here they deserve > any negative consequences which may result from that. > > Okay, I know other people are thinking that because it is just so true. > > This said, someone sent a copy of this lastest fixer msblast variant. I > appreciated that. But, proper netiquette says to not send binaries nor > pictures to internet lists (newsgroups or mailing lists). It is best to > send by url, such urls are very valuable. > > (Personally, I have never cared about binaries nor pictures being sent > as long as their size were small... It is just html email which I hate.) > > Just some food for thought from a contrary viewpoint. > > > > -----Original Message----- > > From: full-disclosure-admin@...ts.netsys.com > > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of > > S . f . Stover > > Sent: Monday, August 18, 2003 9:06 AM > > To: Len Rose > > Cc: Raj Mathur; full-disclosure@...ts.netsys.com > > Subject: Re: [Full-Disclosure] Administrivia: Binary > > Executables w/o Source > > > > > > On 18 Aug 03 03:40:34PM Len Rose[len@...sys.com] wrote: > > : My message was not about the size ofd > > : the file but rather about the sheer useless re-transmission > > : of a binary (any executable) that no one in their right mind > > : would actually run which is why I suggested that source code > > : should be included next time. > > > > Would that really matter though? I mean, how would I know > > that the binary included came from the attached source? > > > > Plus, I do have quarantined machines I blow away and rebuild > > regularly that I don't mind putting unknown binaries on from > > time to time. Any my mileage definitely does vary ;-) > > > > Just my 0.02. I figure there's no list like FD for unknown > > binaries... > > > > -- > > attica@...ckheap.org > > GPG Key ID: 0xF8F859D0 > > http://pgp.mit.edu:11371/pks/lookup?search=0xF8F859D0&op=index > > > "There is no such thing as right and wrong, there's just popular > opinion." -Jeffrey Goines > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists