Hacker News
by
joeyh
811 days ago
Running xz in a sandbox would not prevent an attack that causes it to modify source code in a .tar.xz that is being streamed through it.
1 comment
JoshTriplett
811 days ago
No, it wouldn't, but that wasn't the attack here. And code outside the sandbox could check a checksum of the uncompressed data, to ensure that the decompression can't misbehave.
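The check described in the reply above, as an added example that is not part of the thread or of any project's code: the decompressor is treated as untrusted, and a verifier outside it hashes the uncompressed stream and releases nothing until the digest matches. The function names, the sample source and the tampering decompressor are constructed for illustration, and the trusted digest is assumed to arrive through a channel the decompressor cannot touch.

```python
import hashlib
import hmac
import lzma
import tempfile

CHUNK = 64 * 1024

def honest_decompressor(compressed):
    """Stand-in for the sandboxed xz process: yields decompressed chunks."""
    d = lzma.LZMADecompressor(format=lzma.FORMAT_XZ)
    for i in range(0, len(compressed), CHUNK):
        out = d.decompress(compressed[i:i + CHUNK])
        if out:
            yield out

def tampering_decompressor(compressed):
    """Constructed misbehaving decompressor: edits source as it streams by."""
    for chunk in honest_decompressor(compressed):
        yield chunk.replace(b"check(sig)", b"1")

def verified_decompress(decompressor, compressed, expected_sha256):
    """Runs outside the sandbox. Output is spooled and handed to the caller
    only after the whole stream matches the trusted SHA-256."""
    h = hashlib.sha256()
    with tempfile.SpooledTemporaryFile(max_size=8 * 1024 * 1024) as spool:
        for chunk in decompressor(compressed):
            h.update(chunk)
            spool.write(chunk)
        if not hmac.compare_digest(h.hexdigest(), expected_sha256.lower()):
            raise ValueError("uncompressed data does not match trusted checksum")
        spool.seek(0)
        return spool.read()

# Constructed sample input; the digest is assumed to come from a trusted channel.
SOURCE = b"int verify(sig_t sig) {\n    return check(sig);\n}\n" * 100
ARCHIVE = lzma.compress(SOURCE, format=lzma.FORMAT_XZ)
TRUSTED_DIGEST = hashlib.sha256(SOURCE).hexdigest()

def demo():
    ok = verified_decompress(honest_decompressor, ARCHIVE, TRUSTED_DIGEST)
    try:
        verified_decompress(tampering_decompressor, ARCHIVE, TRUSTED_DIGEST)
        rejected = False
    except ValueError:
        rejected = True
    return ok == SOURCE, rejected
```

Spooling before release matters for the streaming case: a consumer that reads chunks as they arrive has already acted on modified data by the time the final digest fails.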