| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: chows at ozemail.com.au (Gregh) Subject: BZIP2 bomb question ----- Original Message ----- From: "Alex Shipp" <ashipp@...sagelabs.com> To: <full-disclosure@...ts.netsys.com> Sent: Tuesday, January 13, 2004 8:36 AM Subject: Re: [Full-Disclosure] BZIP2 bomb question > >----- Original Message ----- > >From: "Gregh" <chows@...mail.com.au> > > > > >Please note I am not a good programmer here but here goes: > > > >I am wondering why, for those who HAVE to auto unpack, a script cannot be > >written which, upon receipt of an archive of any sort, inspects it for, as > >an example, 100K of the same character repeated (keeping in mind that the > >NULL character, chr$(7) etc have all been used for compressed bombs) and if > >there *IS* such a file, move the file to some safe location for later > manual > >inspection and if not, allow automatic unpacking etc. > > Ignoring lots of technical details (!) this can indeed be done, and can be > used > along with lots of other heuristics to defend against compressed bombs. > > There are implementaions that already do this. > Then perhaps the people still falling foul of the bombs might be helped out by a few URLS here if you wouldn't mind? It just seemed a little strange to me that an archive cant be inspected before being operated on. Thanks for the answer! Greg.
Powered by blists - more mailing lists