On Mon, 19 Mar 2007 09:18:35 +0100, RaeNye <[EMAIL PROTECTED]> wrote:
I don't really care whether the intermediate represention is the same as
the WPS with comments and whitespace stripped, or with text strings
coalesced in
the end of the file and pointers attached, or an obscure binary format.
It's just that you need to parse a simpler format without error checking
(unlike user-supplied WPS).
If we have some binary output that could be written directly to memory
lying
around on the disk, without error checking, it just screams security hole
directly in my face. Then again, it depends where and when it is created.
And of course, I see no practical application of creating a "malicious"
wps binary to 0wn your ipod. But I just thought someone should mention it.
Kosta
