From: chows at (Gregh)
Subject: BZIP2 bomb question

----- Original Message -----
From: "Alex Shipp" <>
To: <>
Sent: Tuesday, January 13, 2004 8:36 AM
Subject: Re: [Full-Disclosure] BZIP2 bomb question

> >----- Original Message -----
> >From: "Gregh" <>
> >
> >Please note I am not a good programmer here but here goes:
> >
> >I am wondering why, for those who HAVE to auto unpack, a script cannot be
> >written which, upon receipt of an archive of any sort, inspects it for, as
> >an example, 100K of the same character repeated (keeping in mind that the
> >NULL character, chr$(7) etc. have all been used for compressed bombs) and,
> >if there *IS* such a file, moves the file to some safe location for later
> >manual inspection and if not, allows automatic unpacking etc.
> Ignoring lots of technical details (!) this can indeed be done, and can be
> used along with lots of other heuristics to defend against compressed bombs.
> There are implementations that already do this.

Then perhaps the people still falling foul of the bombs might be helped out
by a few URLs here if you wouldn't mind? It just seemed a little strange to
me that an archive can't be inspected before being operated on. Thanks for
the answer!
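As an added example, not code from this thread or from any of the implementations Alex refers to, here is a Python inspector that stream-decompresses a bzip2 file under a hard output cap and applies the repeated-character heuristic Gregh describes, together with an expansion-ratio check; the two sample streams, the thresholds and the function name `inspect_bz2` are assumptions.

```python
import bz2
import hashlib
import re

# Constructed samples (not from the thread): a bomb-like stream that expands
# to 100K copies of one byte, and a benign stream of incompressible bytes.
BOMB_BZ2 = bz2.compress(b"\x00" * 100_000)
BENIGN_BZ2 = bz2.compress(
    b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(600)))


def inspect_bz2(data, max_output=10_000_000, max_ratio=100.0,
                max_run=100_000, chunk=65_536):
    """Stream-decompress `data` under a hard output cap and report whether it
    should be quarantined for manual inspection instead of auto-unpacked.

    Output is pulled at most `chunk` bytes per call, so even a bomb never
    forces a large allocation.  Heuristics reported: expansion ratio and the
    longest run of a single repeated byte (the check proposed in the thread).
    """
    dec = bz2.BZ2Decompressor()
    produced = fed = 0
    run_byte, run_len, longest_run = None, 0, 0
    while not dec.eof:
        piece = b""
        if dec.needs_input:            # buffered output fully drained
            if fed >= len(data):
                return {"verdict": "truncated", "bytes": produced}
            piece = data[fed:fed + chunk]
            fed += len(piece)
        out = dec.decompress(piece, max_length=chunk)
        produced += len(out)
        if produced > max_output:      # hard stop: never exceed the cap
            return {"verdict": "quarantine", "reasons": ["output-cap"],
                    "bytes": produced}
        # Count runs of one repeated byte, carrying a run across chunks.
        for m in re.finditer(rb"(.)\1*", out, re.DOTALL):
            n = m.end() - m.start()
            run_len = run_len + n if m.group(1) == run_byte else n
            run_byte = m.group(1)
            longest_run = max(longest_run, run_len)
    reasons = []
    if produced > max_ratio * max(fed, 1):
        reasons.append("ratio")
    if longest_run >= max_run:
        reasons.append("repeated-run")
    return {"verdict": "quarantine" if reasons else "unpack",
            "bytes": produced, "ratio": produced / max(fed, 1),
            "longest_run": longest_run, "reasons": reasons}
```

Only the output cap is a hard guarantee; the ratio and run thresholds are tunable heuristics, and a quarantined file is what gets set aside for the later manual inspection Gregh suggests.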
