On Mon, 19 Mar 2007 09:18:35 +0100, RaeNye <raenye_at_netvision.net.il> wrote:

> I don't really care whether the intermediate represention is the same as
> the WPS with comments and whitespace stripped, or with text strings
> coalesced in
> the end of the file and pointers attached, or an obscure binary format.
> It's just that you need to parse a simpler format without error checking
> (unlike user-supplied WPS).

If we have some binary output that could be written directly to memory
lying
around on the disk, without error checking, it just screams security hole
directly in my face. Then again, it depends where and when it is created.
And of course, I see no practical application of creating a "malicious"
wps binary to 0wn your ipod. But I just thought someone should mention it.

Kosta
Received on 2007-03-20