. 2009/2/25 Michael Pyne <mp...@purinchu.net>: > On Tuesday 24 February 2009, Patryk Zawadzki wrote: >> Also using extended filesystem attributes (or some other metadata >> storage) gives you the additional protection from "downloaded a >> tarball / uncompressed to desktop / the file was compressed as >> executable / now I have two computer icons" kind of scenarios. > > So what happens when the archive extractor actually supports xattr and now > there is executable-with-fancy bit trojan laying in the directory?
Not to mention all the other crazy stuff that you can do with an archive. You can create a file full of zeros, so that the .tar.gz is only a few KB big, but when unpacked it's terabytes large and try to ruin the users machine that way. Or make the unpacked file small, but have holes in it so that when it's read it's terabytes large. (mpyne - a reason I liked your idea to not use readAll) John > > Regards, > - Michael Pyne > _______________________________________________ > xdg mailing list > xdg@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/xdg > > _______________________________________________ xdg mailing list xdg@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/xdg
