mailing list archives
Re: Security Bug in MSVC
From: "Morning Wood" <se_cur_ity () hotmail com>
Date: Thu, 19 Jan 2006 16:09:00 -0800
What's the point of building a bunch of sources unless
1. you trust their author, or
2. you have made sure their is nothing malicious there?
When you build an executable from untrusted sources, you get an untrusted
executable. Either you run it and you're screwed anyway, or you don't run
it and you wasted your time building it.
this does not exploit the source code.
it does exploit the build files.
if i was simply compiling badprog.c
then launching it, that would be stupid.
i am leveraging the project files, not the source code.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Re: Security Bug in MSVC Otter E (Jan 19)
- Re: Re: Security Bug in MSVC, (continued)
- Re: Security Bug in MSVC Morning Wood (Jan 20)