Re: [Full-Disclosure] BZIP2 bomb question

From: Gregh (
Date: 01/13/04

  • Next message: Lan Guy: "Re: [Full-Disclosure] Professional Groups"
    To: "Alex Shipp" <>, <>
    Date: Tue, 13 Jan 2004 23:24:52 +1100

    ----- Original Message -----
    From: "Alex Shipp" <>
    To: <>
    Sent: Tuesday, January 13, 2004 8:36 AM
    Subject: Re: [Full-Disclosure] BZIP2 bomb question

    > >----- Original Message -----
    > >From: "Gregh" <>
    > >
    > >Please note I am not a good programmer here but here goes:
    > >
    > >I am wondering why, for those who HAVE to auto unpack, a script cannot be
    > >written which, upon receipt of an archive of any sort, inspects it for,
    > >an example, 100K of the same character repeated (keeping in mind that the
    > >NULL character, chr$(7) etc have all been used for compressed bombs) and
    > >there *IS* such a file, move the file to some safe location for later
    > >manual inspection and if not, allow automatic unpacking etc.
    > Ignoring lots of technical details (!) this can indeed be done, and can be
    > used along with lots of other heuristics to defend against compressed bombs.
    > There are implementations that already do this.

    Then perhaps the people still falling foul of the bombs might be helped out
    by a few URLs here if you wouldn't mind? It just seemed a little strange to
    me that an archive can't be inspected before being operated on. Thanks for
    the answer!


    Full-Disclosure - We believe in it.
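
Added example, not part of either poster's message and not one of the implementations mentioned above: the pre-unpack inspection discussed in this thread, written in Python for bzip2 input. It decompresses in bounded chunks in memory and quarantines on a 100K run of one repeated byte; the total-size cap, the 64K chunk size, the `inspect_bz2` name and the "unpack"/"quarantine" verdicts are assumptions made for the example.

```python
import bz2
from itertools import groupby

RUN_LIMIT = 100 * 1024          # "100K of the same character", from the post
MAX_OUTPUT = 50 * 1024 * 1024   # assumed cap on total unpacked size
CHUNK = 64 * 1024               # never hold more than this much output


def inspect_bz2(data, run_limit=RUN_LIMIT, max_output=MAX_OUTPUT):
    """Stream-decompress `data` in bounded chunks and return
    ("unpack" | "quarantine", reason). Nothing is written to disk."""
    dec, pos, total = bz2.BZ2Decompressor(), 0, 0
    last, run = None, 0             # repeated-byte run, carried across chunks
    while True:
        if dec.eof:                 # a .bz2 file may hold several streams
            data, pos = dec.unused_data + data[pos:], 0
            if not data:
                return "unpack", f"{total} bytes, no run of {run_limit}+"
            dec = bz2.BZ2Decompressor()
        feed = b""
        if dec.needs_input:
            if pos >= len(data):
                return "quarantine", "truncated stream"
            feed, pos = data[pos:pos + CHUNK], pos + CHUNK
        try:
            out = dec.decompress(feed, max_length=CHUNK)
        except OSError:
            return "quarantine", "not a valid bzip2 stream"
        total += len(out)
        if total > max_output:
            return "quarantine", f"output exceeds {max_output} bytes"
        for byte, group in groupby(out):
            n = sum(1 for _ in group)
            run = run + n if byte == last else n
            last = byte
            if run >= run_limit:
                return "quarantine", f"{run}+ repeats of byte 0x{byte:02x}"


if __name__ == "__main__":
    # Constructed samples: ordinary text, and 1 MiB of NUL bytes.
    text = bz2.compress(b"ordinary mail attachment text\n" * 500)
    nuls = bz2.compress(b"\x00" * (1024 * 1024))
    for name, blob in (("text", text), ("nuls", nuls), ("both", text + nuls)):
        print(name, len(blob), inspect_bz2(blob))
```

The run check alone is easy to sidestep with a short repeating pattern, which is why the size cap runs alongside it.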
