Monday, February 18, 2008
I always spot the best bugs during coding. While coding tjmd5 (see last posting) I ran across
an interesting mono feature. For each 'foo' C# file that it compiles it lookups 'foo.so'
in /usr, /usr/lib etc directories and 'foo.so.la' in the cwd. This can be abused to execute
arbitrary code while someone is just compiling an C#-file. I am not sure about the impact since
you can say that the dude is executing the .exe after he was compiling it. Well.
Depending on the comments you all make I will decide whether this is something to tell Miguel :-)