At 03:36 PM 8/18/2009, Ronny Schedel wrote:
>It's not forbidden to mix different programming languages, I am sure they also
>use Assembler codes. The problem can also occur in C++, because they trust
>the client that it sends a valid string, but it can send anything.

They only use assembly code in startup to get the CPU MHZ via 2 calls to rdtsc.

> > That's not right ;)
> >
> > The programming language is the problem in this case. Why should I write
> > my code with functions that shouldn't be used with C++?
> > C++ works with the stdlib, which means streams. Not C stuff. So it's
> > finally up to Valve to write programs which follow C++ standards not C.
> > You can't trust your users as a programmer. It's up to us to make the
> > source safe, and if the project time needs 2 weeks more, you should spend
> > the time.
> >
> >
> > Ronny Schedel wrote:
> >> The problem is not the programming language, the problem is that Valve
> >> trust their game clients too much.
> >>
> >>> Well,
> >>>
> >>> Valve should start coding c++ with streams ;)
> >>> Who works with printfs today?
> >>>
> >>> I hope Valve will fix the whole source to prevent overflows.
> >>> C++ is your friend, not old C stuff...
> >>>
> >>> Best regards,
> >>> Stefan Popp
> >>>
> >>>
> >>> Claudio Beretta wrote:
> >>>
> >>>> Thanks, anyone knows if a workaround is available?
> >>>>
> >>>> BTW: aren't "security researchers" supposed to contact the developers
> >>>> before releasing 0-day exploits? This is the 2nd 0-day exploit from
> >>>> aluigi in a few weeks -.-
> >>>>
> >>>>
> >>>> On Tue, Aug 18, 2009 at 6:44 PM, Morgan Humes <mrh9...@lanaddict.com>
> >>>> wrote:
> >>>>
> >>>>> A friend forwarded me this info regarding a vulnerability. I am unable
> >>>>> to test this at the moment, but it does look like it is possible.
> >>>>> Thought I would get this out to the community before others start
> >>>>> using this to cause havoc.
> >>>>>
> >>>>> http://www.vupen.com/english/advisories/2009/2296
> >>>>> http://aluigi.altervista.org/adv/sourcefs-adv.txt
> >>>>>
> >>>>> Morgan Humes
> >>>>> _______________________________________________
> >>>>> To unsubscribe, edit your list preferences, or view the list archives,
> >>>>> please visit:
> >>>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux