Re: [Full-disclosure] Security Bug in MSVC
- From: "Morning Wood" <se_cur_ity@xxxxxxxxxxx>
- Date: Thu, 19 Jan 2006 16:09:00 -0800
> What's the point of building a bunch of sources unless
> 1. you trust their author, or
> 2. you have made sure their is nothing malicious there?
>
> When you build an executable from untrusted sources, you get an untrusted
> executable. Either you run it and you're screwed anyway, or you don't run
> it and you wasted your time building it.
>
again...
this does not exploit the source code.
it does exploit the build files.
if i was simply compiling badprog.c
then launching it, that would be stupid.
i am leveraging the project files, not the source code.
MW
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- References:
- Re: [Full-disclosure] Security Bug in MSVC
- From: Pavel Kankovsky
- Re: [Full-disclosure] Security Bug in MSVC
- Prev by Date: Re: [Full-disclosure] Security Bug in MSVC
- Next by Date: Re: [Full-disclosure] Re: Re: PC Firewall Choices
- Previous by thread: Re: [Full-disclosure] Security Bug in MSVC
- Next by thread: Re: [Full-disclosure] Security Bug in MSVC
- Index(es):
Relevant Pages
|
