Open Source and information security mailing list archives
 
Message-ID: <007e01c3d954$32e3dc60$0364a8c0@stonker>
From: ashipp at messagelabs.com (Alex Shipp)
Subject: BZIP2 bomb question

>----- Original Message ----- 
>From: "Gregh" <chows@...mail.com.au>
>

>Please note I am not a good programmer here but here goes:
>
>I am wondering why, for those who HAVE to auto unpack, a script cannot be
>written which, upon receipt of an archive of any sort, inspects it for, as
>an example, 100K of the same character repeated (keeping in mind that the
>NULL character, chr$(7) etc have all been used for compressed bombs) and if
>there *IS* such a file, move the file to some safe location for later
>manual inspection and if not, allow automatic unpacking etc.

Ignoring lots of technical details (!) this can indeed be done, and can be
used along with lots of other heuristics to defend against compressed bombs.

There are implementations that already do this.

Regards,

Alex
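
The pre-unpack check discussed in this thread, as an added example that is not part of the original messages and is not one of the implementations mentioned above. It streams a bzip2 archive in bounded chunks and quarantines it on a 100K same-byte run; the function name `inspect_bz2`, the size and ratio caps, and the single-stream rule are assumptions standing in for the "other heuristics".

```python
import bz2
from itertools import groupby

RUN_LIMIT = 100 * 1024          # "100K of the same character" from the quoted message
MAX_OUTPUT = 50 * 1024 * 1024   # assumed cap on total unpacked size
MAX_RATIO = 200                 # assumed cap on unpacked/packed size ratio
CHUNK = 64 * 1024               # never hold more than this much output at once

def inspect_bz2(data, run_limit=RUN_LIMIT, max_output=MAX_OUTPUT, max_ratio=MAX_RATIO):
    """Return ("unpack" | "quarantine", reason) without unpacking to disk."""
    dec = bz2.BZ2Decompressor()
    pos = total = run = 0
    last = None
    while not dec.eof:
        feed = b""
        if dec.needs_input:
            if pos >= len(data):
                return "quarantine", "truncated stream"
            feed = data[pos:pos + 4096]
            pos += len(feed)
        try:
            out = dec.decompress(feed, CHUNK)   # bounded output per call
        except OSError:
            return "quarantine", "invalid bzip2 data"
        for byte, group in groupby(out):        # runs may span chunk boundaries
            n = sum(1 for _ in group)
            run = run + n if byte == last else n
            last = byte
            if run >= run_limit:
                return "quarantine", "long same-byte run"
        total += len(out)
        if total > max_output:
            return "quarantine", "output size cap exceeded"
        if total > max_ratio * len(data):
            return "quarantine", "compression ratio cap exceeded"
    # Assumed policy: a second concatenated stream is not inspected, so hold it.
    if dec.unused_data or pos < len(data):
        return "quarantine", "trailing data after first stream"
    return "unpack", "ok"

if __name__ == "__main__":
    bomb = bz2.compress(b"\x00" * (1024 * 1024))   # constructed sample input
    print(len(bomb), inspect_bz2(bomb))
```
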




