A makefile can call whatever it wants so if you run a malicious one you're already hacked. There's nothing you can do with a cmake buffer overrun that you can't also do just by writing a normal cmake file to call out whichever malicious commands you want.
You are technically not wrong, of course, but if the attack vector got already to running Makefiles on your system, you should probably focus your effort to tighten security elsewhere.
al2o3cr|8 years ago
pedrocr|8 years ago
throwaway613834|8 years ago
> OTOH, allocating & using memory correctly so that a maliciously-crafted Makefile can't get elevated permissions is.
https://en.wikipedia.org/wiki/Not_even_wrong
martin_ky|8 years ago