I belong to a few security groups that develop "fixer" patches for various vulnerabilities that hit the net. In those groups, because running a black box binary is so dangerous, we only are allowed to post patch source. Most people can get their hands on a free compiler and we provide explicit instructions on how to compile the patches. It works very well and we don't have to worry about people sending binaries...
Just My $0.02...

Anthony Saffer
SCS Consulting Services
www.safferconsulting.com

----- Original Message -----
From: Drew Copley <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, August 18, 2003 3:26 PM
Subject: RE: [Full-Disclosure] Administrivia: Binary Executables w/o Source

> If anybody is stupid enough to run a binary file from here they deserve
> any negative consequences which may result from that.
>
> Okay, I know other people are thinking that because it is just so true.
>
> This said, someone sent a copy of this latest fixer msblast variant. I
> appreciated that. But, proper netiquette says to not send binaries nor
> pictures to internet lists (newsgroups or mailing lists). It is best to
> send by url, such urls are very valuable.
>
> (Personally, I have never cared about binaries nor pictures being sent
> as long as their size were small... It is just html email which I hate.)
>
> Just some food for thought from a contrary viewpoint.
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of
> > S . f . Stover
> > Sent: Monday, August 18, 2003 9:06 AM
> > To: Len Rose
> > Cc: Raj Mathur; [EMAIL PROTECTED]
> > Subject: Re: [Full-Disclosure] Administrivia: Binary
> > Executables w/o Source
> >
> > On 18 Aug 03 03:40:34PM Len [EMAIL PROTECTED] wrote:
> > : My message was not about the size of
> > : the file but rather about the sheer useless re-transmission
> > : of a binary (any executable) that no one in their right mind
> > : would actually run which is why I suggested that source code
> > : should be included next time.
> >
> > Would that really matter though? I mean, how would I know
> > that the binary included came from the attached source?
> >
> > Plus, I do have quarantined machines I blow away and rebuild
> > regularly that I don't mind putting unknown binaries on from
> > time to time. And my mileage definitely does vary ;-)
> >
> > Just my 0.02. I figure there's no list like FD for unknown
> > binaries...
> >
> > --
> > [EMAIL PROTECTED]
> > GPG Key ID: 0xF8F859D0
> > http://pgp.mit.edu:11371/pks/lookup?search=0xF8F859D0&op=index
>
> "There is no such thing as right and wrong, there's just popular
> opinion." -Jeffrey Goines
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html