[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Security Bug in MSVC

To: "Pavel Kankovsky" <peak@xxxxxxxxxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Security Bug in MSVC
From: "Morning Wood" <se_cur_ity@xxxxxxxxxxx>
Date: Thu, 19 Jan 2006 16:09:00 -0800

> What's the point of building a bunch of sources unless
> 1. you trust their author, or
> 2. you have made sure their is nothing malicious there?
> 
> When you build an executable from untrusted sources, you get an untrusted
> executable. Either you run it and you're screwed anyway, or you don't run
> it and you wasted your time building it.
> 

again...

this does not exploit the source code.
it does exploit the build files.

if i was simply compiling badprog.c
then launching it, that would be stupid.

i am leveraging the project files, not the source code.

MW
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] Security Bug in MSVC
  - From: Pavel Kankovsky

Prev by Date: Re: [Full-disclosure] Security Bug in MSVC
Next by Date: Re: [Full-disclosure] Re: Re: PC Firewall Choices
Previous by thread: Re: [Full-disclosure] Security Bug in MSVC
Next by thread: Re: [Full-disclosure] Security Bug in MSVC
Index(es):
- Date
- Thread