lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu Jan 19 22:43:53 2006
From: ad at heapoverflow.com (ad@...poverflow.com)
Subject: Security Bug in MSVC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
and me I think most FD members are desesperate of such newcomer
comments, you have nothing to say interesting about his work he's
doing before you were born.
 
redsand wrote:
>
>
> i think the author of this advisory is desperate for advisories or
> attention.
>
> either way he needs to open a disassembler and work on something
> else.
>
> Pavel Kankovsky wrote:
>
>> On Tue, 17 Jan 2006, Morning Wood wrote:
>>
>>
>>
>>> extract, and open hello.dsw click "batch build, build" or
>>> "rebuild all" code will execute ( calc.exe and notepad.exe used
>>> as an example )
>>>
>>
>> What's the point of building a bunch of sources unless 1. you
>> trust their author, or 2. you have made sure their is nothing
>> malicious there?
>>
>> When you build an executable from untrusted sources, you get an
>> untrusted executable. Either you run it and you're screwed
>> anyway, or you don't run it and you wasted your time building it.
>>
>>
>> (Indeed, there are some marginal cases like when you want to
>> build an executable file intended to run on someone else's
>> computer...)
>>
>> --Pavel Kankovsky aka Peak  [ Boycott
>> Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open
>> your source code and prepare for assimilation."
>>
>> _______________________________________________ Full-Disclosure -
>> We believe in it. Charter:
>> http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
>> sponsored by Secunia - http://secunia.com/
>>
>>
>
> _______________________________________________ Full-Disclosure -
> We believe in it. Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
> sponsored by Secunia - http://secunia.com/
>
>
>

7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
 
iQIVAwUBQ9AV6a+LRXunxpxfAQIl+A//XQq/5cyAlFC1SPGGqtQ0dG+S/NwGUzzv
Z7ztPO91djMBVqHq1sNKwpwGwvl9KDXANuxl+lSRpW4KaoXIfORFhbO+jFHkkENN
mcLVmLVuzDzO9a5RPCSb1NdIvPMSulJCV+4uoZyc45qG1Vw6qNugISnZm8R2CZk+
+V+VqB8cpl34JdL7tfPPn5Gcs4QRJiNcFfFsT0duG1p2EGuLzbvNqgqPcISSL+MZ
fNDrbRHk+PpkIz0Z1bxdAt9v/ijJ/c+vWASa0jO9tPtUEdsYfJYFC2LOUpw659rS
DAiMxxKPPt2tFR7n4PyIridzrYRNd9UrwbMsiTaD8aOIIZHmhac3+vfVbOv+zOEz
L2s8Sv5FanlsEI/zcK5DCSL6aRAVY98Uhq796qFrwAGkmCP1umfQGb/dFn+hmqd/
4WwA/Qzv9vBBRqKUssiASwock5s/Vpb9y9OdPjkcN1QYVOm1RxPaA8uFKRfZ34v1
sFGzefTOo4xYFuuPuXB+Uz2/yDhvrPuqsiQdvtz7jQ56NxTQmxuLN2fy5Uh1Pc7L
1bnvW5FSFAboD95uaIfFvzu5oclQnXLJBgCjQCVjhXR1FUX/vOc+8ydcF5dUiLkk
+iOMKvOvyzgGwuXR8z6tTXkPpEtJkb4xSej/JFHHpcUwSK/teUlHE6eODczAZtop
S4l5HkauGb0=
=Yi5I
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ