https://sourceware.org/bugzilla/show_bug.cgi?id=31250
Nick Clifton <nickc at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #9 from Nick Clifton <nickc at redhat dot com> ---
(In reply to Amyspark from comment #8)
>> "C:/windows/system32/<something>" - surely such a library would be a huge
>> security risk ?
>
> That risk would exist only if an extractor used the path verbatim. I believe
> it should be treated as untrusted input and sanitized as appropriate (e.g.
> banish colons on Win32). Another issue, though outside of the scope of
> binutils, is why would someone be storing object files in
> C:/Windows/System32.

Because that would be an excellent attack vector. Trick someone into
installing a library containing something that they want, but also an extra
element that is something nefarious, then have them extract the contents. The
victim thinks that they are getting some update/new program/whatever but in
the background they have also been compromised...

Anyway, the patch is in, so I am going to close this PR for now. If the patch
turns out to be insufficient, or the problem arises in a different format,
please feel free to reopen this case.
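The extractor-side check discussed in comment #8 (treat the member path as untrusted input), written out as an added example; it is not part of this thread and is not the binutils patch. The function name member_name_is_safe and the sample names in main are constructed, and the policy of refusing colons on every platform, not only Win32, is an assumption made for portability.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not binutils code.  Treat both separators as significant so
   a name written for Win32 is judged the same way on any host. */
static int is_sep(char c) { return c == '/' || c == '\\'; }

/* Return 1 if an archive member name may be extracted beneath the current
   directory, 0 if the extractor must refuse it. */
int member_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return 0;
    /* Rooted paths: "/x", "\x" and UNC "\\host\share". */
    if (is_sep(name[0]))
        return 0;
    /* Any colon: drive prefixes such as "C:/..." and NTFS stream names.
       Assumption: colons are refused everywhere, although POSIX allows them. */
    if (strchr(name, ':') != NULL)
        return 0;
    /* Refuse any ".." component, which would climb out of the target dir. */
    const char *p = name;
    while (*p) {
        const char *start = p;
        while (*p && !is_sep(*p))
            p++;
        if (p - start == 2 && start[0] == '.' && start[1] == '.')
            return 0;
        while (is_sep(*p))
            p++;
    }
    return 1;
}

int main(void)
{
    /* Constructed member names, for illustration only. */
    const char *names[] = { "foo.o", "sub/foo.o", "C:/windows/system32/x.o",
                            "/tmp/x.o", "a/../../x.o", "..foo.o" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-28s %s\n", names[i],
               member_name_is_safe(names[i]) ? "extract" : "refuse");
    return 0;
}
```

A name that fails the check should be skipped with a diagnostic, not rewritten, so the user sees that the archive carried a suspicious member.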