On Tue, Dec 21, 2004 at 12:20:35AM -0600, Rene Rivera wrote:
Daryle Walker wrote:
But standard archive formats are not executable in and of themselves.
As I mentioned elsewhere, that is irrelevant.
I suspect it's a lot easier to replace a self-extracting exe with a malicious exe than it is to create a zip file that exploits a flaw in an unzip application, which relies on the flaw being present and easily exploitable.
Expanding a passive archive won't initiate any attack vectors for mal-ware.
Yes it can. And has been historically, re: tiff, png, jpeg, shown that bugs in non-embeded expanders can be exploited even with "passive" archives.
You can try to minimise problems from malicious tiffs, jpegs, etc. by applying patches and updates from your distributor. You can't do anything to reduce the chance of a malicious exe harming you, except not run it.
Whether or not the files _within_ the archive have been perverted is a separate matter from what I originally talked about.
But the executable part of a self-extractor is "within" the archive. It is attacked the same way you would the rest of the archive content.
The difference from perverted sources within the archive is that users _can_ inspect the source if they want to. They can't inspect what an exe will do before they run it. Whether the malicious code is within or without the archive is irrelevant, whether the malicious code is already compiled and executable is what matters, surely? jon -- "The value of a technical conversation is inversely proportional to how well the participants are dressed." - Larry McVoy