Re: Downloading files

Rick Moen <rick@xxxxxxxxxxxxxx> wrote in
news:5b9b9$44d1464a$c690c3ba$5902@xxxxxxxxx:

chuckcar <chuck@xxxxxxx> wrote:

Retaining little worries about a piece of untrustworthy software
you've fetched from somewhere, for no better reason than having its
source code, is a truly _excellent_ way to fool yourself and shoot
yourself in the foot. The reasons should be obvious. If not, go
and security-audit the source code of the next five desktop
applications you use. (For extra fun, make sure they have to parse
data from public networks, and go over those input-validation
routines carefully!)

Tell you what, you find *one* named piece of software fitting this
character on sourceforge.net, freshmeat.net or gnu.org and I'll
willingly admit I was misinformed on the matter, but until you do,
you might as well be talking about some code somebody dreged out of a
newsgroup that only posts code for lovers of viri.

o mpg123 pre0.59s beta was vulnerable to buffer overflow induced by
trojaned (specially malformed) MP3 files played using it, having
binary code in the MP3 frame header that invokes a shell and
recursively deletes the user's home directory. Some showoff who
noticed this bug actually coded a piece of exploit code against it
called JBells (aka Jbellz), that you'll find in some of the more
comprehensive lists of Linux malware. Such as *ahem* mine.

OK, what did I win, Chuck? ;->


0 projects found



No matches.

is the response from the search on freshmeat.net. I was *very* specific
on my criteria. Anybody can rewrite code and callit "their own" but your
"project" doesn't exist on freshmeat.net or sourceforge.net. Your
example just doesn't make it. It's more in line with my last sentence in
my previous post. I retain my point.


--
(setq (chuck nil) car(chuck) )
.

Relevant Pages

  • Re: packagemaker script assistance needed.
    ... Santa Claus wrote: ... Is there a reason you're conditionalizing the whole block instead of one ... the reason my program source code is so long. ...
    (comp.sys.mac.programmer.help)
  • Re: ASCII schematics from LTSpice
    ... >Is there any reason it shouldn't compile under linux? ... be will depend a lot on how closely aligned the schematic semantic designs are. ... If you do take a whack at this, I'd appreciate any feedback on the source code ... Jon ...
    (sci.electronics.basics)
  • Re: Downloading files
    ... for no better reason than having its ... is a truly _excellent_ way to fool yourself and shoot ... security-audit the source code of the next five desktop applications ...
    (comp.os.linux.setup)
  • Re: Message unknown: "Warning: initial dialog data is out of range."
    ... the search for the reason of the warning is ... I always just search the source code. ... >context than the generic message string, which might be "Resource was not ... MVP Tips: http://www.flounder.com/mvp_tips.htm ...
    (microsoft.public.vc.mfc)
  • Re: Why Shopkeepers are despicable.
    ... That's no reason not to kill him. ... (setq (chuck nil) ...
    (rec.games.roguelike.nethack)