Full Disclosure mailing list archives
Re: Security Bug in MSVC
From: Joachim Schipper <j.schipper () math uu nl>
Date: Wed, 18 Jan 2006 11:11:11 +0100
On Tue, Jan 17, 2006 at 02:25:11PM -0800, Morning Wood wrote:
------------------------------------------------------------ - EXPL-A-2006-002 exploitlabs.com Advisory 048 - ------------------------------------------------------------ - MSVC 6.0 run file bug -
IMPACT ====== The impact of this is quite severe, as it is possible to script commands such as to launch ftp, retrieve and execute a file from a remote location.
1.a ==== InputPath=.\Release\hello.exe SOURCE="$(InputPath)" "hello.exe" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" calc 1.b ==== PostBuild_Cmds=notepad.exe
SUGGESTED PATCH =============== Include a dialog box that warns the user, before pre and post build directives can be launched, if the presence of execute directives exist in the build project files.
Well, if that's an undisclosed vulnerability, let me be the first to note that Makefiles and pretty much any other build mechanism I know of allow the same. For very good reasons - quite a few programs cannot be built without this functionality. It is a well-known fact that one should not run make on an untrusted makefile, as it can do whatever it pleases. Is the Windows world truly so backward as to not have 'discovered' the Windows analogue earlier? I find that hard to believe. In all this, I am discounting the fact that if someone is building untrusted sources, (s)he is most likely going to run the untrusted program afterwards. In short - I think this functionality is useful, I don't see the vulnerability, and I don't want to believe that nobody figured out that arbitrarely running project files is about as bad an idea as arbitrarily running anything else. Joachim _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Security Bug in MSVC Morning Wood (Jan 17)
- Re: Security Bug in MSVC ad () heapoverflow com (Jan 17)
- Re: Security Bug in MSVC Stan Bubrouski (Jan 17)
- Re: Security Bug in MSVC Jason Coombs (Jan 17)
- Re: Security Bug in MSVC Dave Korn (Jan 18)
- Re: Re: Security Bug in MSVC Jason Coombs (Jan 18)
- Re: Re: Security Bug in MSVC bkfsec (Jan 18)
- Re: Re: Security Bug in MSVC Dave Korn (Jan 19)
- Re: Security Bug in MSVC Dave Korn (Jan 18)
- Re: Security Bug in MSVC ad () heapoverflow com (Jan 17)
- Re: Security Bug in MSVC Joachim Schipper (Jan 18)
- Re: Security Bug in MSVC Morning Wood (Jan 18)
- Re: Security Bug in MSVC Pavel Kankovsky (Jan 19)
- Re: Security Bug in MSVC redsand (Jan 19)
- Re: Security Bug in MSVC Stan Bubrouski (Jan 19)
- Re: Security Bug in MSVC ad () heapoverflow com (Jan 19)
- Re: Security Bug in MSVC redsand (Jan 19)
- Re: Security Bug in MSVC ad () heapoverflow com (Jan 19)
- Re: Security Bug in MSVC redsand (Jan 19)
- <Possible follow-ups>
- Re: Security Bug in MSVC Otter E (Jan 19)