Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Security Bug in MSVC
From: "Morning Wood" <se_cur_ity () hotmail com>
Date: Thu, 19 Jan 2006 16:09:00 -0800

What's the point of building a bunch of sources unless
1. you trust their author, or
2. you have made sure their is nothing malicious there?

When you build an executable from untrusted sources, you get an untrusted
executable. Either you run it and you're screwed anyway, or you don't run
it and you wasted your time building it.


this does not exploit the source code.
it does exploit the build files.

if i was simply compiling badprog.c
then launching it, that would be stupid.

i am leveraging the project files, not the source code.

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]