> What's the point of building a bunch of sources unless > 1. you trust their author, or > 2. you have made sure their is nothing malicious there? > > When you build an executable from untrusted sources, you get an untrusted > executable. Either you run it and you're screwed anyway, or you don't run > it and you wasted your time building it. >
again... this does not exploit the source code. it does exploit the build files. if i was simply compiling badprog.c then launching it, that would be stupid. i am leveraging the project files, not the source code. MW _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
