Boost :

From: Jonathan Wakely (cow_at_[hidden])
Date: 2004-12-21 05:14:17


On Tue, Dec 21, 2004 at 12:20:35AM -0600, Rene Rivera wrote:

> Daryle Walker wrote:
> >But standard archive formats are not executable in and of themselves.
>
> As I mentioned elsewhere, that is irrelevant.

I suspect it's a lot easier to replace a self-extracting exe with a
malicious exe than it is to create a zip file that exploits a flaw in
an unzip application, which relies on the flaw being present and easily
exploitable.

> >Expanding a passive archive won't initiate any attack vectors for mal-ware.
>
> Yes it can. And has been historically, re: tiff, png, jpeg, shown that
> bugs in non-embedded expanders can be exploited even with "passive" archives.

You can try to minimise problems from malicious tiffs, jpegs, etc. by
applying patches and updates from your distributor. You can't do anything
to reduce the chance of a malicious exe harming you, except not run it.

> >Whether or not the files _within_ the archive have been perverted is a
> >separate matter from what I originally talked about.
>
> But the executable part of a self-extractor is "within" the archive. It
> is attacked the same way you would the rest of the archive content.

The difference from perverted sources within the archive is that users
_can_ inspect the source if they want to. They can't inspect what an exe
will do before they run it. Whether the malicious code is within or
without the archive is irrelevant, whether the malicious code is already
compiled and executable is what matters, surely?

jon

-- 
"The value of a technical conversation is inversely proportional to
 how well the participants are dressed."
	- Larry McVoy

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk