| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <43CFF809.60400@redsand.net> Date: Thu Jan 19 20:35:31 2006 From: redsand at redsand.net (redsand) Subject: Security Bug in MSVC i think the author of this advisory is desperate for advisories or attention. either way he needs to open a disassembler and work on something else. Pavel Kankovsky wrote: >On Tue, 17 Jan 2006, Morning Wood wrote: > > > >>extract, and open hello.dsw >>click "batch build, build" or "rebuild all" >>code will execute ( calc.exe and notepad.exe used as an example ) >> >> > >What's the point of building a bunch of sources unless >1. you trust their author, or >2. you have made sure their is nothing malicious there? > >When you build an executable from untrusted sources, you get an untrusted >executable. Either you run it and you're screwed anyway, or you don't run >it and you wasted your time building it. > >(Indeed, there are some marginal cases like when you want to build an >executable file intended to run on someone else's computer...) > >--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] >"Resistance is futile. Open your source code and prepare for assimilation." > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ > >
Powered by blists - more mailing lists