by jjoonathan 3999 days ago
Not the point. Of course it's not surprising that these utilities will execute scripts if you tell them to. The unexpected fact is that you can tell them to -- and that this is documented behavior which probably isn't going away.

If your argument was that no programmer should be surprised that you can tell an archive utility to execute an arbitrary script, then you and the author of the post are in complete agreement. The remaining difference is that the article actually does something to fix the problem while you merely hurl an implicit insult at anyone who hasn't seen this type of privilege escalation yet. One of these actions is more constructive than the other.

1 comments

> you merely hurl an implicit insult at anyone who hasn't seen this type of privilege escalation yet

You and I have vastly different opinions on what constitutes privilege escalation.

I'm not a security researcher. Care to recommend a more appropriate term for the data -> execution stage as opposed to the user -> root stage which is more commonly associated with the term "privilege escalation"?