From: Rene Rivera (grafik.list_at_[hidden])
Date: 2004-12-21 01:20:35
Daryle Walker wrote:
> But standard archive formats are not executable in and of themselves.
As I mentioned elsewhere, that is irrelevant.
> Expanding a passive archive won't initiate any attack vectors for mal-ware.
Yes it can. And has been historically, re: tiff, png, jpeg, shown that
bugs in non-embeded expanders can be exploited even with "passive" archives.
> An archive with executable code attached adds a potential attack vector with
> dubious benefit.
Do you consider the following a dubious benefit:
* A guaranteed extraction performance.
* A guaranteed construction performance.
* A 200% compression improvement. (ZIP = 17.7M, EXE = 8.5M) And hence a
>(The real problem is that the OP's un-zipper sucked
> performance-wise, but an embedded one may be just as bad. The fix is to use
> a better extractor.)
Yes. And a self-extractor is one way to provide such a better extractor.
> Whether or not the files _within_ the archive have been perverted is a
> separate matter from what I originally talked about.
But the executable part of a self-extractor is "within" the archive. It
is attacked the same way you would the rest of the archive content.
-- -- Grafik - Don't Assume Anything -- Redshift Software, Inc. - http://redshift-software.com -- rrivera/acm.org - grafik/redshift-software.com - 102708583/icq
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk