[fpc-devel] PR: Advocates needed

ik idokan at gmail.com
Thu Jan 19 21:12:20 CET 2006


On 1/19/06, VisionForce <webmaster at visionforceweb.com> wrote:
> Thanks for the info; I don't find that to be a big problem though. The
> reason it executes the control automatically is because a lot of custom
> controls have design features added to their Load function and you would
> want to see these visual changes on your form.

You are missing the point.

Let's explain it simply (I admit that before I tested it myself, it
took me an argument with my boss, and I said it was not a
vulnerability :)):

Let's say that if you use your favorite text editor (notepad.exe for our
example), the simple text file will also execute Visual Studio because
you have the words "visual studio" in the text file. You must remember
that notepad does not parse text, it only displays it. That's the
vulnerability in this case.

You only view the form (no component on it!) and it executes code on
the form event. You did not compile anything or run anything... only
viewed a form.

If you had used a component and the component had
executed calc.exe, then I would agree that it is not a vulnerability.

Ido

>
>
> Sincerely,
> Alex C. Barberi
> Chief Executive Officer
> VisionForce
> http://www.visionforceweb.com
>
> ----- Original Message -----
> From: "ik" <idokan at gmail.com>
> To: "FPC developers' list" <fpc-devel at lists.freepascal.org>
> Sent: Thursday, January 19, 2006 2:00 PM
> Subject: Re: [fpc-devel] PR: Advocates needed
>
>
> On 1/19/06, VisionForce <webmaster at visionforceweb.com> wrote:
> > On 1/19/06, VisionForce <webmaster at visionforceweb.com> wrote:
> > > You all may hate me after I say this, but creating software in VB or VB.NET
> > > goes very, very quickly. But I guess since you're trying to advocate Pascal
> > > right now, this information doesn't help you any.
> >
> > The last time I used VB (version 6), it took me way too much work
> > for the same thing I wanted to do in Delphi.
> > And .NET contains some very scary features for everyone (It actually
> > executes your code at design time, so if I open a form, it will
> > execute everything in its functions regarding opening and
> > displaying things, and I can do some nasty things with it).
> >
> > And it's not portable to other OSes. And IMHO, VB should have died
> > long ago in the 80's when its syntax became obsolete.
> >
> > Ido
> >
> > --------------------------------
> >
> > Yes, I never use VB6. But VB.NET is much more powerful, and programs can be
> > created in it in half the time. I don't understand what you mean by "very
> > scary features."
> >
> > Alex
>
> Try this: http://www.securiteam.com/windowsntfocus/5KP0D0AHFU.html
>
> In this case it will only open the calc.exe program for you, but I can
> make it open anything you want at design time. All you need to
> do is view the form...
> _______________________________________________
> fpc-devel maillist  -  fpc-devel at lists.freepascal.org
> http://lists.freepascal.org/mailman/listinfo/fpc-devel
>


