Hi Todd! Todd Towles [2004-12-22 14:26 -0600]: > So now, I just need to trick a user into running a malicious source file > that I assembed and sent him, this makes it much harder. Although I understand the irony in this, I still think that this is an important issue. Running unknown programs _is_ a different thing than merely compiling/assembling something. For example, Debian's and Ubuntu's autobuilders compile and assemble code all the day, but the compiled code is not actually ran there. The key difference is just that by _running_ a program I expect it to do something, whereas when I _assemble_ a source file, I do not expect it to have any side effects (no system modification apart from writing the output file. > > -----Original Message----- > > From: full-disclosure-bounces@xxxxxxxxxxxxxxxx > > [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxx] On Behalf > > Of Martin Pitt > > Sent: Wednesday, December 22, 2004 4:53 AM > > To: ubuntu-security-announce@xxxxxxxxxxxxxxxx > > Cc: bugtraq@xxxxxxxxxxxxxxxxx; full-disclosure@xxxxxxxxxxxxxxxx > > Subject: [Full-Disclosure] [USN-45-1] nasm vulnerability > > > > =========================================================== > > Ubuntu Security Notice USN-45-1 December 22, 2004 > > nasm vulnerability > > CAN-2004-1287 > > =========================================================== > > [...] Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntulinux.org Debian GNU/Linux Developer http://www.debian.org
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html