Boost logo

Boost :

From: Rene Rivera (grafik.list_at_[hidden])
Date: 2004-12-21 01:20:35


Daryle Walker wrote:
> But standard archive formats are not executable in and of themselves.

As I mentioned elsewhere, that is irrelevant.

> Expanding a passive archive won't initiate any attack vectors for mal-ware.

Yes it can. And has been historically, re: tiff, png, jpeg, shown that
bugs in non-embeded expanders can be exploited even with "passive" archives.

> An archive with executable code attached adds a potential attack vector with
> dubious benefit.

Do you consider the following a dubious benefit:

* A guaranteed extraction performance.
* A guaranteed construction performance.
* A 200% compression improvement. (ZIP = 17.7M, EXE = 8.5M) And hence a
download improvement.

>(The real problem is that the OP's un-zipper sucked
> performance-wise, but an embedded one may be just as bad. The fix is to use
> a better extractor.)

Yes. And a self-extractor is one way to provide such a better extractor.

> Whether or not the files _within_ the archive have been perverted is a
> separate matter from what I originally talked about.

But the executable part of a self-extractor is "within" the archive. It
is attacked the same way you would the rest of the archive content.

-- 
-- Grafik - Don't Assume Anything
-- Redshift Software, Inc. - http://redshift-software.com
-- rrivera/acm.org - grafik/redshift-software.com - 102708583/icq

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk