> I don't know Igor, but if 7z is anything to go by then he probably uses VC--I'm guessing here--6 for the same reason Sean Barrett does: It's way faster and less bloated than modern VS.
Then they should learn how to download the SDK and learn to use the command line to properly compile code with proper ASLR and other such security features. Keep working in VC 6.0 if you want, but for the love of all things good please enable basic ASLR.
It's 2018. It's time to get with the program. Various solutions (or at least... mitigations) to buffer overflows and code execution bugs have been discovered in the last 20 years. Yes, VS 6 was released in 1998. My use of the phrase "20 years" is literal.
It's shameful that a dev of one of the most popular open source tools out there doesn't care about security.
--------------
In any case, Igor runs his dev environment from 20 years ago. If someone was compiling code with GCC 2.95 (released 2001, three years after his version of VS), the first response from Linus Torvalds would be "Dear lord, please upgrade your compiler. I'm not going to ensure compatibility with 18-year-old tech".
> I'm also guessing he doesn't use those security features because they're largely ineffective and just complicate things and slow them down.
ASLR is ineffective? Really?
https://www.cisecurity.org/advisory/multiple-vulnerabilities...
https://landave.io/2018/01/7-zip-multiple-memory-corruptions...
The freaking executable doesn't have the freaking "NX Bit". We're talking about the most bare-bones basics of security here.
No ASLR. A lack of NX Bit. Pretty much any security feature discovered in the last 20 years is missing from 7zip. It's actually one of the worst offenders of security I've ever seen in 2018.
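
Added example, not part of the comment above and not code from 7-Zip: the ASLR and NX opt-ins discussed in this thread are two bits in a Windows executable's PE header, set by the MSVC linker options `/DYNAMICBASE` and `/NXCOMPAT`, and they can be read back from any binary. The function names `pe_mitigations` and `build_sample` are made up for this sketch, and the sample headers are constructed, not taken from a real file.

```python
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* bits in the PE optional header
DYNAMIC_BASE = 0x0040      # image opts in to ASLR (linker /DYNAMICBASE)
NX_COMPAT = 0x0100         # image opts in to DEP/NX (linker /NXCOMPAT)
RELOCS_STRIPPED = 0x0001   # COFF Characteristics: no relocation data

def pe_mitigations(data: bytes) -> dict:
    """Report ASLR/NX opt-in from raw PE header bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 24                  # 4-byte signature + 20-byte COFF header
    if len(data) < opt + 72:
        raise ValueError("truncated optional header")
    (file_chars,) = struct.unpack_from("<H", data, pe_off + 22)
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):    # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    relocatable = not (file_chars & RELOCS_STRIPPED)
    return {
        # An image with stripped relocations cannot be rebased, flag or not.
        "aslr": bool(dll_chars & DYNAMIC_BASE) and relocatable,
        "nx": bool(dll_chars & NX_COMPAT),
    }

def build_sample(dll_chars: int, file_chars: int = 0x0102) -> bytes:
    """Constructed minimal PE32 header for the demo (not a loadable image)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)    # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, file_chars)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    if len(sys.argv) > 1:              # check a real file's headers
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], pe_mitigations(fh.read(4096)))
    else:                              # constructed samples
        print("no flags :", pe_mitigations(build_sample(0x0000, 0x0103)))
        print("hardened :", pe_mitigations(build_sample(0x0140)))
```

Run with a path argument to check a binary on disk; with no argument it prints the result for the two constructed headers.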