On Wed, 2020-01-01 at 10:29 +0100, Elmar Stellnberger wrote:
>Up to now I did not see any notable effort to support malware reverse
> engineering under Linux. The only program I knew was boomerang for
> decompiling malware but it seems to be unsupported since long. I would
> really be in ne
> Some of its checks look inherently dangerous, e.g. the bash -n check for
> shell syntax.
Why would bash -n be dangerous?
signature.asc
Description: OpenPGP digital signature
* Paul Wise:
> On Wed, Jan 1, 2020 at 1:00 PM Florian Weimer wrote:
>
>> Doesn't lintian on ftp-master use disposable VMs?
>
> No mention of qemu/kvm in dak.git nor any qemu processes running on
> ftp-master.d.o, so I don't think so.
Uh-oh.
>> Some of its checks look inherently dangerous, e.g. t
* Daniel Reichelt:
>> Some of its checks look inherently dangerous, e.g. the bash -n
>> check for shell syntax.
>
> Why would bash -n be dangerous?
In the past, the bash parser was not very successful at inhibiting
command execution. I doubt that this has changed, although some
corner cases have
On Wed, Jan 1, 2020 at 1:00 PM Florian Weimer wrote:
> Doesn't lintian on ftp-master use disposable VMs?
No mention of qemu/kvm in dak.git nor any qemu processes running on
ftp-master.d.o, so I don't think so.
> Some of its checks look inherently dangerous, e.g. the bash -n check for
> shell sy
* Paul Wise:
> On Tue, Dec 31, 2019 at 9:47 AM Florian Weimer wrote:
>
>> BFD and binutils have not been designed to process untrusted data.
>> Usually, this does not matter at all. For example, no security
>> boundary is crossed when linking object files that have been just been
>> compiled.
>
>
On 01/01/20 10:29, Elmar Stellnberger wrote:
Up to now I did not see any notable effort to support malware reverse
engineering under Linux. The only program I knew was boomerang for
decompiling malware but it seems to be unsupported since long.
probably here you can find some useful:
http
Am 01.01.20 um 10:48 schrieb PJ:
Maybe ultimately one needs monitors and diff-machines built in hardware
(and more or less by oneself).
If compilers can be subverted, so can assemblers.
It would be really worthwhile to have a decompiler!
It is not assemblers that are subverted but machine i
Am 01.01.20 um 10:29 schrieb Elmar Stellnberger:
> Am 01.01.20 um 03:14 schrieb Paul Wise:
>> On Tue, Dec 31, 2019 at 9:47 AM Florian Weimer wrote:
>>
>>> BFD and binutils have not been designed to process untrusted data.
>>> Usually, this does not matter at all. For example, no security
>>> bound
Am 01.01.20 um 03:14 schrieb Paul Wise:
On Tue, Dec 31, 2019 at 9:47 AM Florian Weimer wrote:
BFD and binutils have not been designed to process untrusted data.
Usually, this does not matter at all. For example, no security
boundary is crossed when linking object files that have been just be
10 matches
Mail list logo
